** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-7410
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-7411 -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1016253 Title: Don't send plaintext RSS password back to browser Status in Mahara ePortfolio: Fix Released Status in Mahara 1.5 series: Fix Released Status in Mahara 1.6 series: Fix Released Status in Mahara 1.7 series: Fix Released Bug description: The externalfeed block should protect user credentials when authenticated RSS feeds are used. The blocktype in Mahara 1.5.1 appears to store login credentials in cleartext within the database. This presents an unfortunate vulnerability that could give access to other systems should Mahara's database be compromised. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1016253/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
