Описание
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.2.5-2 |
| hardy | DNE | |
| jaunty | released | 1.0.9-2ubuntu0.7 |
| karmic | released | 1.1.5-1ubuntu0.3 |
| lucid | released | 1.2.4-1ubuntu0.1 |
| upstream | released | 1.0.15,1.1.9,1.2.5 |
Показывать по
7.5 High
CVSS2
Связанные уязвимости
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has i ...
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
7.5 High
CVSS2