4.3 and 3.3 - Upgrade asap - Vulnerability in DotNetNuke could allow access to user profile details
Last Post 08/04/2006 4:51 AM by Lee Sykes. 0 Replies.
Lee Sykes
DNN Creative Staff
08/04/2006 4:51 AM
    I found this info on the DotNetNuke site; it recommends that you upgrade to the latest point release for 3.3 and 4.3, as a severe security issue has been found. Details below:

    http://dotnetnuke.com/SecurityPolic...fault.aspx

    Published: August 02, 2006

    Version: 1.0

    Maximum Severity Rating: Critical

    Background

    For the 3.3.3/4.3.3 releases of DotNetNuke, the membership/roles/provider components were significantly overhauled to allow better granularity of control, and to allow us to make a number of enhancements.

    Issue Summary

    During the process of rewriting the code to extend the Profile component, an authorization issue was introduced that could allow a user (including anonymous users) to access another user's profile.
    Due to the seriousness of this issue, further details are not available. Users of 3.3.3/4.3.3 are recommended to upgrade to 3.3.4/4.3.4.

    Mitigating factors

    N/A

    Affected DotNetNuke versions

    • 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3

    Non-Affected Versions:

    • All other versions

    Fix(s) for issue

    To fix this problem, you are recommended to update to the latest version of DotNetNuke (3.3.4/4.3.4 at time of writing).

    Lee Sykes
    Site Administrator