Welcome to DNN Sharp Blog


... Our fun way to keep you on top of what's happening in our world

Tuesday, February 28, 2017

Security update: DNN user registration vulnerability

As you may have already read the article here, DNN announced through a Security Bulletin that the email addresses, display names and usernames of all your users can be uncovered on a typical DNN and Evoq install. 

In standard configuration, only the 3 items mentioned above can be revealed, while in Custom “Registration Form Type”, most of the registration properties are vulnerable. However, passwords can NOT be uncovered in any case. This issue is present since DNN 6.2 and has been fixed in DNN 9.0.2. The fix is also available for older versions as a patch.


After careful investigation by our developers, we are proud to announce that this vulnerability is not present in our products. This issue relates only to DNN extensions which define a custom register module. As neither Action Form, nor any other DNN Sharp product implements this type of module, all products are unaffected by this security matter.


DNN recommends to at least apply the patch here, even if you don’t upgrade. According to DNN, the patch updates the registration system to correct the vulnerability. It also creates a test page under Host to verify if you are patched.


As usual, we take these issues very seriously and concentrate our resources to maintain the high quality of our products and services. Should you have any questions or observations regarding this matter, contact us here.



Print
0 Comments
Rate this article:
No rating

Categories: General NewsNumber of views: 612

Tags:

Alina SlapciuAlina Slapciu

Other posts by Alina Slapciu

Contact author

Leave a comment

Name:
Email:
Comment:
Add comment

Name:
Email:
Subject:
Message:
x
«September 2017»
MonTueWedThuFriSatSun
28293031123
45678910
11121314151617
18192021222324
2526272829301
2345678


Our latest news and gossips, must-reads, tutorials and how-tos, as well as other random awesomeness from across the DNN world...

Stay in the loop subscribing to our newsletter!






About Us

DNN Sharp is a leading provider with a proven track record in defining, designing and developing DNN Modules catering for a passionate community of thousands of users.

While our core focus is on DNN modules, our mission is to provide top quality products complemented by fast and reliable Customer support. We listen to our Customers and produce a variety of solutions to meet the complex needs of our global audience.


 Refer a Friend