CVE-2010-1670

Description

Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

Software From Fixed in
mahara / mahara - 1.0.14.x
mahara / mahara 0.9.0 0.9.0.x
mahara / mahara 0.9.1 0.9.1.x
mahara / mahara 0.9.2 0.9.2.x
mahara / mahara 1.0.0 1.0.0.x
mahara / mahara 1.0.1 1.0.1.x
mahara / mahara 1.0.10 1.0.10.x
mahara / mahara 1.0.11 1.0.11.x
mahara / mahara 1.0.12 1.0.12.x
mahara / mahara 1.0.13 1.0.13.x
mahara / mahara 1.0.2 1.0.2.x
mahara / mahara 1.0.3 1.0.3.x
mahara / mahara 1.0.4 1.0.4.x
mahara / mahara 1.0.5 1.0.5.x
mahara / mahara 1.0.6 1.0.6.x
mahara / mahara 1.0.7 1.0.7.x
mahara / mahara 1.0.8 1.0.8.x
mahara / mahara 1.1.0 1.1.0.x
mahara / mahara 1.1.0-alpha1 1.1.0-alpha1.x
mahara / mahara 1.1.0-alpha2 1.1.0-alpha2.x
mahara / mahara 1.1.0-alpha3 1.1.0-alpha3.x
mahara / mahara 1.1.0-beta1 1.1.0-beta1.x
mahara / mahara 1.1.0-beta2 1.1.0-beta2.x
mahara / mahara 1.1.0-beta3 1.1.0-beta3.x
mahara / mahara 1.1.0-beta4 1.1.0-beta4.x
mahara / mahara 1.1.0-rc1 1.1.0-rc1.x
mahara / mahara 1.1.0-rc2 1.1.0-rc2.x
mahara / mahara 1.1.1 1.1.1.x
mahara / mahara 1.1.2 1.1.2.x
mahara / mahara 1.1.3 1.1.3.x
mahara / mahara 1.1.4 1.1.4.x
mahara / mahara 1.1.5 1.1.5.x
mahara / mahara 1.1.6 1.1.6.x
mahara / mahara 1.1.7 1.1.7.x
mahara / mahara 1.1.8 1.1.8.x
mahara / mahara 1.2.0 1.2.0.x
mahara / mahara 1.2.0-alpha1 1.2.0-alpha1.x
mahara / mahara 1.2.0-alpha2 1.2.0-alpha2.x
mahara / mahara 1.2.0-alpha3 1.2.0-alpha3.x
mahara / mahara 1.2.0-beta1 1.2.0-beta1.x
mahara / mahara 1.2.0-beta2 1.2.0-beta2.x
mahara / mahara 1.2.0-beta3 1.2.0-beta3.x
mahara / mahara 1.2.0-beta4 1.2.0-beta4.x
mahara / mahara 1.2.0-rc1 1.2.0-rc1.x
mahara / mahara 1.2.1 1.2.1.x
mahara / mahara 1.2.2 1.2.2.x
mahara / mahara 1.2.3 1.2.3.x
mahara / mahara 1.2.4 1.2.4.x