Pages about WebAuth

• WebAuth Overview
• WebAuth Features
• WebAuth News
• Obtaining WebAuth
• WebAuth FAQ

WebAuth Reference

• WebAuth Module
• WebAuth LDAP Module
• WebAuth Protocol
• WebKDC Module
• webauth-info archives

• QUICK LINKS
  • answers.stanford.edu
  • apple.stanford.edu
  • computing.stanford.edu
  • courses.stanford.edu
  • datarates.stanford.edu
  • dell.stanford.edu
  • departmentphone.stanford.edu
  • email.stanford.edu
  • ess.stanford.edu
  • helpsu.stanford.edu
  • myitserviceshelp.stanford.edu
  • orderithelp.stanford.edu
  • software.stanford.edu
  • studentphone.stanford.edu
  • techtraining.stanford.edu
  • tools.stanford.edu
  • unixcomputing.stanford.edu
  • vpn.stanford.edu
  • web.stanford.edu
  • windows.stanford.edu
• SERVICES
  • IT Services Only
  • All Campus Providers
    → computing.stanford.edu
• GETTING HELP
  • Stanford Answers
  • HelpSU: IT Help Desk
  • Training
• PROJECTS
• ABOUT US
  • What We Do
  • Organization Chart
  • Jobs
  • Contact info
• INTERNAL
• SEARCH

  • Search IT Services:
     

• IT Services
• WebAuth
• Security Advisories

Stanford WebAuth Security Advisories

2009-09-10

WebAuth 3.5.5, 3.6.0, and 3.6.1 have a security vulnerability in the WebLogin server that can, in rare situations, expose the user's password in the URL and from there to the browser history and to WebAuth-protected web sites. All WebLogin servers should be upgraded to WebAuth 3.6.2. See the full advisory for more information.