CVE-2010-1670

2010-07-0600:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.8%

JSON

Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has
improper configuration options for authentication plugins associated with
logins that use the single sign-on (SSO) functionality, which allows remote
attackers to bypass authentication via an empty password. NOTE: some of
these details are obtained from third party information.

OSVersionArchitecturePackageVersionFilename
ubuntu9.04noarchmahara< 1.0.9-2ubuntu0.7UNKNOWN
ubuntu9.10noarchmahara< 1.1.5-1ubuntu0.3UNKNOWN
ubuntu10.04noarchmahara< 1.2.4-1ubuntu0.1UNKNOWN