|Topic:||Login information can be sent unsecured when site is configured to use SSL for logins|
|Versions affected:||<1.8.11 and <1.9.7|
|Reported by:||Mike Churchward|
|Solution:||upgrade to 1.8.11 or 1.9.7|
Mike Churchward described a potential problem and proposed a solution that prevents sending of password via unsecured connection when SSL required only for logins.