ATutor

ATutor 151 Security Patch

• greg
  

  2005-09-15 17:28:33

  ATutor 151 Security Patch

  *ATutor 1.5.1 Users*
  Users of ATutor 1.5.1 are advised to apply a patch to the password_reminder.php file to remove a critical vulnerability that could allow a non-authorized user to gain access to the administrative features of ATutor when magic_quotes is disabled in PHP.
  
  Replace the current password_reminder.php file with the new version (removing the .txt extension) found at:
  
  http://www.atutor.ca/atutor/files/patches/password_reminder.php.txt
  
  *ATutor 1.5 and earlier*
  Users of earlier versions of ATutor are advised to upgrade to ATutor version 1.5.1.pl1 to correct the problem.
  
  ATutor 1.5.1.pl1 Download
  http://www.atutor.ca/atutor/download.php
  
  Note:
  If your system is running with magic_quotes turned on (the default) this vulnerability does not apply. It will likely be applicable for those running on hosted servers where older PHP settings are being maintained.

• tschee
  

  2005-09-18 00:58:43

  1.5.1 patch

  While applying the patch as instructed, I noticed from my web log that my password_reminder.php file has been accessed 13 times. Will this jeopardize my atutor system? I am in the midst of preparing my courseware so it has not been uploaded yet.

• greg
  

  2005-09-18 09:21:55

  Change your password

  It is highly unlikely your system has been compromised. To remove any possibility, you could change your administrator password.