Security Announcements

MSA-09-0023: User account disclosure in LAMS module

 
 
Picture of Helen Foster
MSA-09-0023: User account disclosure in LAMS module
 
Topic: User account disclosure in LAMS module
Severity/Risk: Major
Versions affected: <1.8.11 and <1.9.7
Reported by: internal code review
Issue no.: MDL-20924
Solution: upgrade to 1.8.11 or 1.9.7
Workaround: uninstall module and delete mod/lams directory


Description:
LAMS module code discloses username, firstname and lastname database fields from user table. This information could be used in other types of attacks.