PT-2010-3330 · Catalyst It · Mahara

Publicado

2010-07-06

Atualizado

2010-07-07

CVE-2010-1670

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mahara versions 1.0.0 through 1.0.14 Mahara versions 1.1.0 through 1.1.8 Mahara versions 1.2.0 through 1.2.4

Description The issue is related to improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality. This allows remote attackers to bypass authentication via an empty password.

Recommendations For Mahara versions 1.0.0 through 1.0.14, update to version 1.0.15 or later. For Mahara versions 1.1.0 through 1.1.8, update to version 1.1.9 or later. For Mahara versions 1.2.0 through 1.2.4, update to version 1.2.5 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2010-1670

DSA-2067-1

Produtos afetados

Mahara

PT-2010-3330 · Catalyst It · Mahara

CVE-2010-1670

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7