Security announcements

MSA-10-0003: Disclosure of full user names

 
Picture of Petr Skoda
MSA-10-0003: Disclosure of full user names
 
Topic: Disclosure of full user names
Severity/Risk: Minor - privacy
Versions affected: <1.8.12 and <1.9.8
Reported by: Klaus Kirchner
Issue no.: MDL-21830
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: apply patch http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29


Description:
Klaus Kirchner identified a problem in the course profile page which allowed ordinary users to find out names of other users - see http://moodle.org/mod/forum/discuss.php?d=145967 for more details.