CVE-2011-1406

Name of the Vulnerable Software and Affected Versions Mahara versions prior to 1.3.6

Description The issue arises from improper handling of an https URL in the wwwroot configuration setting. This makes it easier for remote attackers to obtain credentials by sniffing the network when an http URL is used for a login.

Recommendations For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the login functionality over http to minimize the risk of exploitation.