Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/mahara/+bug/1692749 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2017-11-03 11:29
Updated : 2017-11-13 06:57
NVD link : CVE-2017-1000157
Mitre link : CVE-2017-1000157
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
mahara
- mahara