Advisories ยป MGASA-2017-0100

Updated phpmyadmin packages fix security vulnerability

Publication date: 03 Apr 2017
Modification date: 03 Apr 2017
Type: security
Affected Mageia releases : 5

Description

A vulnerability was discovered where the restrictions caused by
$cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain
PHP versions. This can allow the login of users who have no password set
even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword']
to false (which is also the default).
                

References

SRPMS

5/core