Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mahara | Mahara | * | 1.0.14 (including) |
| Mahara | Mahara | 0.9.0 (including) | 0.9.0 (including) |
| Mahara | Mahara | 0.9.1 (including) | 0.9.1 (including) |
| Mahara | Mahara | 0.9.2 (including) | 0.9.2 (including) |
| Mahara | Mahara | 1.0.0 (including) | 1.0.0 (including) |
| Mahara | Mahara | 1.0.1 (including) | 1.0.1 (including) |
| Mahara | Mahara | 1.0.2 (including) | 1.0.2 (including) |
| Mahara | Mahara | 1.0.3 (including) | 1.0.3 (including) |
| Mahara | Mahara | 1.0.4 (including) | 1.0.4 (including) |
| Mahara | Mahara | 1.0.5 (including) | 1.0.5 (including) |
| Mahara | Mahara | 1.0.6 (including) | 1.0.6 (including) |
| Mahara | Mahara | 1.0.7 (including) | 1.0.7 (including) |
| Mahara | Mahara | 1.0.8 (including) | 1.0.8 (including) |
| Mahara | Mahara | 1.0.9 (including) | 1.0.9 (including) |
| Mahara | Mahara | 1.0.10 (including) | 1.0.10 (including) |
| Mahara | Mahara | 1.0.11 (including) | 1.0.11 (including) |
| Mahara | Mahara | 1.0.12 (including) | 1.0.12 (including) |
| Mahara | Mahara | 1.0.13 (including) | 1.0.13 (including) |
| Mahara | Ubuntu | devel | * |
| Mahara | Ubuntu | jaunty | * |
| Mahara | Ubuntu | karmic | * |
| Mahara | Ubuntu | lucid | * |
| Mahara | Ubuntu | upstream | * |