Have abandoned patch 3032 because it was overkill for us.
** Changed in: mahara
Status: In Progress => Won't Fix
** Changed in: mahara
Milestone: 15.10.0 => None
** Changed in: mahara
Status: Won't Fix => Confirmed
** Changed in: mahara
Assignee: Leo Xiong (leoxiong) =>
** Changed in: mahara
Milestone: 15.04.1 = 15.10.0
** No longer affects: mahara/1.10
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on
** Changed in: mahara/1.10
Milestone: 1.10.3 = 1.10.4
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum
** Changed in: mahara/1.10
Milestone: 15.04.0 = 1.10.3
** Changed in: mahara
Milestone: 15.04.0 = 15.04.1
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara
** Changed in: mahara/1.10
Milestone: 1.10.0 = 1.11.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum
** No longer affects: mahara/1.8
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or
** Also affects: mahara/1.10
Importance: Undecided
Status: New
** No longer affects: mahara/1.9
** Changed in: mahara/1.10
Status: New = In Progress
** Changed in: mahara/1.10
Importance: Undecided = Low
** Changed in: mahara/1.10
Assignee: (unassigned) = Leo Xiong
** Changed in: mahara/1.9
Milestone: 1.9.0 = 1.10.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Also affects: mahara/1.8
Importance: Undecided
Status: New
** Also affects: mahara/1.9
Importance: Low
Assignee: Leo Xiong (leoxiong)
Status: In Progress
** Changed in: mahara/1.8
Milestone: None = 1.8.2
** Changed in: mahara/1.9
Milestone: 1.8.2 = 1.9.0
**
** Changed in: mahara
Assignee: (unassigned) = Leo Xiong (hello-w)
** Changed in: mahara
Status: Triaged = In Progress
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all
Leo is working on implementing scenario A, the limit on password reset
attempts per IP address in a given span of time.
We also conclude in an IRC discussion that it would be useful to have a
per-IP limit on *login* attempts as well. It's a slightly more subtle
case:
1. Username enumeration is
** Changed in: mahara
Milestone: 1.8.1 = 1.8.2
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Changed in: mahara
Milestone: 1.8.0 = 1.8.1
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Changed in: mahara
Milestone: 1.8rc1 = 1.8.0
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Changed in: mahara
Importance: Medium = Low
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before
** Summary changed:
- Bruteforce user enumeration vuln in password reset screen
+ Bruteforce username/email enumeration vuln in password reset screen
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions:
16 matches
Mail list logo