| Topic: | User account disclosure in LAMS module |
| Severity/Risk: | Major |
| Versions affected: | <1.8.11 and <1.9.7 |
| Reported by: | internal code review |
| Issue no.: | MDL-20924 |
| Solution: | upgrade to 1.8.11 or 1.9.7 |
| Workaround: | uninstall module and delete mod/lams directory |
Description:
LAMS module code discloses username, firstname and lastname database fields from user table. This information could be used in other types of attacks.