Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Maharas built-in login form, still allowing users to log in even if their institution was expired or suspended.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mahara | Mahara | 15.04-rc1 (including) | 15.04-rc1 (including) |
| Mahara | Mahara | 15.04-rc2 (including) | 15.04-rc2 (including) |
| Mahara | Mahara | 15.04.0 (including) | 15.04.0 (including) |
| Mahara | Mahara | 15.04.1 (including) | 15.04.1 (including) |
| Mahara | Mahara | 15.04.2 (including) | 15.04.2 (including) |
| Mahara | Mahara | 15.04.3 (including) | 15.04.3 (including) |
| Mahara | Mahara | 15.04.4 (including) | 15.04.4 (including) |
| Mahara | Mahara | 15.04.5 (including) | 15.04.5 (including) |
| Mahara | Mahara | 15.04.6 (including) | 15.04.6 (including) |
| Mahara | Mahara | 15.04.7 (including) | 15.04.7 (including) |