Your submission was sent successfully! Close

CVE-2011-1406

Published: 13 May 2011

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.

Priority

Medium

Status

Package Release Status
mahara
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.6)