Improper Handling of HTTPS URL in Mahara before 1.3.6 Allows Credential Sniffing

Improper Handling of HTTPS URL in Mahara before 1.3.6 Allows Credential Sniffing

CVE-2011-1406 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.

Learn more about our Network Penetration Testing.