|Topic:||Disclosure of full user names|
|Severity/Risk:||Minor - privacy|
|Versions affected:||<1.8.12 and <1.9.8|
|Reported by:||Klaus Kirchner|
|Solution:||upgrade to 1.8.12 or 1.9.8|
|Workaround:||apply patch http://cvs.moodle.org/moodle/user/view.php?r1=18.104.22.168&r2=22.214.171.124|
Klaus Kirchner identified a problem in the course profile page which allowed ordinary users to find out names of other users - see http://moodle.org/mod/forum/discuss.php?d=145967 for more details.