CVE-2010-1670

Mahara < 1.0.14 - Authentication Bypass

Title source: rule

Description

Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

References (5)

[Vendor Advisory] http://secunia.com/advisories/40431

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/41319

[Third Party Advisory] http://wiki.mahara.org/Release_Notes/1.0.15

[Third Party Advisory] http://wiki.mahara.org/Release_Notes/1.1.9

[Third Party Advisory] http://wiki.mahara.org/Release_Notes/1.2.5

Scores

EPSS 0.0044

EPSS Percentile 63.0%

Classification

CWE

CWE-287

Status draft

Affected Products (48)

mahara/mahara < 1.0.14

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

... and 33 more

Timeline

Published Jul 06, 2010

Tracked Since Feb 18, 2026