Subject: 4.3 and 3.3 - Upgrade asap - Vulnerability in DotNetNuke could allow access to user profile details
leesykes
DNN Creative Staff

04 Aug 2006 4:51 AM  
I found this info on the DotNetNuke site; it recommends that you upgrade to the latest point release for 3.3 and 4.3, as a severe security issue has been found. Details below:

http://dotnetnuke.com/SecurityPolicy/SecurityBulletins/tabid/976/Default.aspx

Published: August 02, 2006

Version: 1.0

Maximum Severity Rating: Critical

Background

For the 3.3.3/4.3.3 releases of DotNetNuke, the membership/roles/provider components were significantly overhauled to allow better granularity of control, and to allow us to make a number of enhancements.

Issue Summary

During the process of rewriting the code to extend the Profile component, an authorization issue was introduced that could allow a user (including anonymous users) to access another user's profile.
Due to the seriousness of this issue, further details are not available; users of 3.3.3/4.3.3 are recommended to upgrade to 3.3.4/4.3.4.

Mitigating factors

N/A

Affected DotNetNuke versions

  • 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3

Non-Affected Versions:

  • All other versions

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (3.3.4/4.3.4 at time of writing).


Lee Sykes
Site Administrator