Improper Handling of HTTPS URL in Mahara before 1.3.6 Allows Credential Sniffing
CVE-2011-1406 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
Learn more about our Network Penetration Testing.