Security announcements

MSA-11-0045: Potential to masquerade through MNet

 
My mug
MSA-11-0045: Potential to masquerade through MNet
 
Topic: MNET auth and "Login As" functionality
Severity: Minor
Versions affected: 2.1 to 2.1.2+, 2.0 to 2.0.5+, 1.9 to 1.9.14+
Reported by: vickerylm
Issue no.: MDL-29977
Changes (master): http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b
Workaround: Turn off MNet or "Login as"

Description:

MNET authentication didn't prevent a user using "Login As" from jumping to a remote MNET SSO, such as an enabled Mahara site.