| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 27 Feb 2010 23:34:44 -0000 From: mori@...sporan.net To: bugtraq@...urityfocus.com Subject: Re: Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0) We have determined that Realname module and Realname userreference module do not share information that should be hidden. After all, both account->name and realname fields are _intended_ for display. Therefore this is not considered a vulnerability. Mori Sugimoto (http://drupal.org/user/82971 ) Drupal Security Team Coordinator
Powered by blists - more mailing lists