CVE-2010-1670

CVSS 7.5 - HIGH

Description

Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor	Product	Version
mahara	mahara	`All versions`
mahara	mahara	`0.9.0`
mahara	mahara	`0.9.1`
mahara	mahara	`0.9.2`
mahara	mahara	`1.0.0`
mahara	mahara	`1.0.1`
mahara	mahara	`1.0.2`
mahara	mahara	`1.0.3`
mahara	mahara	`1.0.4`
mahara	mahara	`1.0.5`
mahara	mahara	`1.0.6`
mahara	mahara	`1.0.7`
mahara	mahara	`1.0.8`
mahara	mahara	`1.0.9`
mahara	mahara	`1.0.10`
mahara	mahara	`1.0.11`
mahara	mahara	`1.0.12`
mahara	mahara	`1.0.13`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.1`
mahara	mahara	`1.1.2`
mahara	mahara	`1.1.3`
mahara	mahara	`1.1.4`
mahara	mahara	`1.1.5`
mahara	mahara	`1.1.6`
mahara	mahara	`1.1.7`
mahara	mahara	`1.1.8`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.0`
mahara	mahara	`1.2.1`
mahara	mahara	`1.2.2`
mahara	mahara	`1.2.3`
mahara	mahara	`1.2.4`