Mahara Mobile prior to 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
mahara mahara mobile