CVE-2017-1000141 - Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara

Publication

2018-01-30

Last modification

2018-06-13

Summary

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.

Classification

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:P/A:P)

Medium

6.4

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • Partial

Affected Products

Vendor: Mahara
Product: Mahara
Versions: 1.9.8, 15.10.6, 16.04.8, 15.04.11, 1.0.11, 0.9.2, 1.3.6, 1.10.10, 1.9, 16.10.7, 17.04.5, 1.0.15, 1.9.6, 1.10.0, 15.10.8, 1.2.8, 1.4.2, 16.04.3, 1.3.3, 16.04.4, 16.10.3, 16.10.6, 1.4.6, 1.6.9, 15.10.0, 17.10.1, 15.10.5, 16.04.5, 1.1.3, 1.3.7, 1.0.4, 1.4.4, 15.04.12, 1.4.1, 1.7.2, 1.0.10, 1.1.2, 1.7.4, 1.9.3, 15.04.13, 1.5.11, 1.8.0, 15.04.15, 17.04.4, 15.04.6, 1.0.5, 1.1.6, 1.6.3, 1.9.0, 1.4.0, 1.9.5, 1.1, 1.2.3, 1.6.4, 15.10.3, 0.9.1, 1.0.8, 16.10.8, 1.3.4, 1.2.2, 1.5.2, 1.8.1, 15.04, 15.04.9, 1.2.1, 1.0.6, 17.10.0, 1.4, 1.3.0, 1.0.13, 16.10, 1.0.12, 16.04.7, 1.0.14, 1.3.5, 0.9.0, 1.7., 1.8.5, 1.10.2, 1.2.7, 1.5.9, 15.04.2, 17.04.6, 1.6.7, 1.0.7, 1.9.2, 1.5.4, 1.6.5, 1.10.9, 16.04.9, 16.10.1, 1.10.7, 1.0.1, 17.04.2, 1.0.3, 1.7.8, 15.04.8, 15.04.7, 1.8.7, 1.10, 1.7.3, 15.10.4, 1.1.0, 17.10.3, 17.04.7, 15.04.0, 1.6.10, 1.0.2, 1.5.7, 15.04.1, 1.4.5, 1.0.0, 1.5.0, 15.04.5, 16.04.6, 1.7.1, 16.04.2, 1.9.7, 16.10.2, 1.1.4, 17.10.4, 17.04, 1.6.1, 1.7.0, 1.8.2, 1.10.1, 1.8.6, 1.10.8, 1.5.3, 1.5.10, 1.10.4, 17.04.0, 1.5.12, 16.10.5, 1.1.5, 17.10.2, 17.04.3, 1.3.2, 1.6.8, 16.10.4, 1.5.6, 1.8.3, 1.2.0, 1.2.6, 1.5.1, 16.04.0, 1.2.5, 1.2.9, 1.7.7, 1.3.1, 1.5.8, 18.04.0, 1.7.5, 1.10.3, 1.10.6, 1.7.6, 1.1.9, 1.1.1, 1.6.6, 1.6.2, 1.8.4, 15.10, 15.10.7, 17.04.1, 1.2.4, 15.10.2, 15.10.1, 1.1.7, 16.04.1, 1.9.4, 1.0.9, 1.6.0, 16.10.9, 15.04.14, 1.1.8, 1.9.1, 1.9.9, 1.5.13, 1.8, 15.04.10, 15.04.3, 16.04, 1.5, 1.4.3, 1.10.5, 1.3.8, 16.10.0, 15.04.4