-
Improvement
-
Resolution: Duplicate
-
Minor
-
None
-
2.0, 2.7.11, 2.8.1, 3.0, 3.2
-
MOODLE_20_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_30_STABLE, MOODLE_32_STABLE
config.html files were removed from all the plugin types back in Moodle 2 but the authentication plugins were missed. Occasionally we get reports in the tracker (usually from people running the Acunetix automated security checking tool) claiming that we have a source code disclosure vulnerability because of these files - they don't present a real security risk as all Moodle code is available due to the nature of open source and they do not disclose any private information. But... it is some pretty average code and one day it might be nice to get rid of it!