Learn DNN / DotNetNuke

You need to Register for free and Login to post a message in the forum.

Forum

Forums
Search Forum
Advanced SearchTopicsPosts

Forums > Users Lounge > Announcements

4.3 and 3.3 - Upgrade asap - Vulnerability in DotNetNuke could allow access to user profile details

Last Post 08/04/2006 4:51 AM by Lee Sykes. 0 Replies.

Sort:

Check this box to subscribe to this topic.	Prev Next
You are not authorized to post a reply.

Author

Messages

Lee Sykes
DNN Creative Staff

Nuke Master VI
Posts:4945

08/04/2006 4:51 AM
I found this info on the DotNetNuke site, it recommends that you upgrade to the latest point release for 3.3 and 4.3 as a severe security issue has been found - details below http://dotnetnuke.com/SecurityPolic...fault.aspx Published: August 02, 2006 Version: 1.0 Maximum Severity Rating: Critical Background For the 3.3.3/4.3.3 releases of DotNetNuke, the membership/roles/provider components were significantly overhauled to allow better granularity of control, and to allow us to make a number of enhancements. Issue Summary During the process of rewriting the code to extend the Profile component, an authorization issue was introduced that could allow a user (including anonymous users) to access another users profile. Due to the seriousness of this issue, further details are not available, users of 3.3.3/4.3.3 are recommended to upgrade to 3.3.4/4.3.4. Mitigating factors N/A Affected DotNetNuke versions 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.3.0, 4.3.1, 4.3.2 ,4.3.3 Non-Affected Versions: All other versions Fix(s) for issue To fix this problem, you are recommended to update to the latest version of DotNetNuke (3.3.4/4.3.4 at time of writing)

Lee Sykes Site Administrator Subscribe to the website : DotNetNuke Video Tutorials : The Skinning Toolkit : DotNetNuke Podcasts Twitter: www.twitter.com/DNNCreative

You are not authorized to post a reply.

Forums > Users Lounge > Announcements

Latest Forum Posts

Can you Run Xcode in Linux? by Aman Singh

Can you Run Xcode in Linux?

Can you Run Xcode in Linux? by Aman Singh

Can you Run Xcode in Linux?

Billed for subscription that was canceled by Ryan

I was just billed for a subscription that was canc eled / inactivetive how do I get a refund for th

Meta Title and Meta Description are not showing properly by DNN User

Hi, On my site the meta title and meta descriptions are not showing properly. It's showing the m

Search is not functioning properly by DNN User

Site: https://www.prv-engineering.co.uk/search If I search any item only the 1st option under sea

Search is not functioning properly by DNN User

Site: https://www.prv-engineering.co.uk/search If I search any item only the 1st option under sea

DNN Platform import site optio by Melanie Weaver

Is it possible to import site template in DNN Platform 8.0? We have internal Evoq Content 8.1 tha

Events Module for DNN V5? by Tugboat

Would anyone have a download link for the version 5.0.3 Events Module? Thanks!

"Ghost" TabID Number? by Tugboat

Hi! I have a portal instance with multiple child portals and on one of the child portals, there i

RE: DNN Load Testing by ayman sharkawy

Hi. Have you already implemented a site using the DNN . And how the performance of the site and its

Publish All Pages by NSUOK

I'm using DNN Evoq Content Basic 8.2.0. When I make the HTML Pro module display on all pages, I h

Simpler profile needed in 9.2.2 by Donald

We are upgrading a DNN 4.8.4 site to DNN 9.2.2. On 4.8.4, the top bar shows the user’s name. If yo

How to link from dnnmodal popup to web site page? by Donald

Hello all. I am using a dnnmodal.show popup. The popup works correctly, showing the content that I

RE: Document Collaboration by Nick Davern

That feature would be super beneficial for our needs as well! Does anyone have an update as to if th

RE: DNN 9.2, how to set default theme? by Andy Stephenson DNN Creative

you do that under "Manage/Themes". Note the highlight blue border around the default container and d

DNN 9.2, how to set default theme? by Donald

Please disregard, found Manage Themes I cannot find how to set a default portal theme in DNN 9.2

RE: Looking for DataSprings Dynamic Forms by Andy Stephenson DNN Creative

Your best chance would be to contact Chad Nash @ http://www.datasprings.com/

Looking for DataSprings Dynamic Forms by Jakir HM

Looking for DataSprings Dynamic Forms 3.4 for DNN 4.x 5.x for my site (https://themasters2018s.com/)

RE: Help with Cycle Image Carousel not displaying images by peter

I had the same problem with the Will Strohl Content Slider after upgrading to DNN 9.1 The above an

RE: Object reference not set to an instance of an object by Andy Stephenson DNN Creative

Check this one might be useful: http://www.dnnsoftware.com/answers/im-tryin-to-move-my-site-to-pr

Used
By

Testimonials

| The SoloCoder Podcast | Google | Privacy Statement | Terms Of Use