CVE-2017-1000171 Information

Description

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

Vulnerability Type (CWE)

CWE-532

Published

2017-11-03

Last Modified

2017-11-22

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

9.8 CRITICAL

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

References

https://github.com/MaharaProject/mahara-mobile/issues/33 (Third Party Advisory)