Topic: | Chat disclosed full names of all system users including deleted users |
Severity: | Serious |
Versions affected: | < 2.1.2, < 2.0.5 (1.9.x not affected) |
Reported by: | Petr Škoda |
Issue no.: | MDL-27219 |
Solution: | upgrade to latest version |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=d0157d827bc254ba386a5e5b41b13be2698ee76e |
Workaround: | Do not use Chat |
Description:
Chat users could probe users' names by 'beep'ing their user ID.