STANFORD UNIVERSITY

INFORMATION TECHNOLOGY SERVICES

Stanford WebAuth Security Advisories

2013-05-15

WebAuth 4.4.1 through 4.5.2 have a security vulnerability in the WebLogin server when run under FastCGI if $REMUSER_REDIRECT is set in the configuration (not the default). All WebLogin servers should be upgraded to WebAuth 4.5.3 or patched with the patch included in the advisory. See the full advisory for more information.

2009-09-10

WebAuth 3.5.5, 3.6.0, and 3.6.1 have a security vulnerability in the WebLogin server that can, in rare situations, expose the user's password in the URL and from there to the browser history and to WebAuth-protected web sites. All WebLogin servers should be upgraded to WebAuth 3.6.2 or later. See the full advisory for more information.

Last modified Wednesday, 15-May-2013 04:40:46 PM
