Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-20945

All users locked out with latest 1.9.7 security update

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Not a bug
    • Affects Version/s: 1.9.6
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE

      Description

      Our school uses IMAP authentication. After applying the latest 1.9.7 security patch which prevents caching of passwords, all of our users were locked out.

      Among the notices for IMAP users was Notice: Unknown: Certificate failure for 172.16.20.76: unable to get local issuer certificate: /DC=org/DC=seattleacademy/CN=seattleacademy-ALPHA-CA (errflg=2) in Unknown on line 0

      Even the admin was not able to log in, and that account is not IMAP.

      Even though I will be able to hack around this issue, things are moving very quickly on these security issues and I would advise caution in making sure everything works on production site. Fortunately, this problem is only on our test servers so far.

      --Gary

        Attachments

          Activity

            People

            • Assignee:
              skodak Petr Skoda
              Reporter:
              ganderson Gary Anderson
              Tester:
              Nobody
              Participants:
              Component watchers:
              Jake Dallimore, Jun Pataleta
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: