Published: 06/07/2010 Updated: 07/07/2010

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Mahara prior to 1.0.15, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote malicious users to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mahara mahara 0.9.0
mahara mahara 1.0.5
mahara mahara 1.0.7
mahara mahara 1.0.12
mahara mahara
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.8
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.4
mahara mahara 1.0.6
mahara mahara 1.0.13
mahara mahara 1.1.0
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.4
mahara mahara 1.1.3
mahara mahara 1.1.2
mahara mahara 1.1.8
mahara mahara 1.1.1
mahara mahara 1.1.5
mahara mahara 1.2.0
mahara mahara 1.2.3
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.4

Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-1667 Multiple pages performed insufficient input sanitising, making them vulnerable to cross-site scripting attacks CVE-2010-1668 Multiple forms ...

CWE-287 http://wiki.mahara.org/Release_Notes/1.2.5 http://wiki.mahara.org/Release_Notes/1.0.15 http://www.securityfocus.com/bid/41319 http://wiki.mahara.org/Release_Notes/1.1.9 http://secunia.com/advisories/40431 https://nvd.nist.gov https://www.debian.org/security/./dsa-2067

CVE-2010-1670

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect