Published: September 10, 2008
Edited: February 24, 2009 - Added note about 5.0 missing relevant code.
Version: 1.1
Maximum Severity Rating: Low
Background
When a DotNetNuke portal is installed, the version number is displayed on the link to first access the portal.
Issue Summary
Under some circumstances it was possible to view the install wizard page, allowing potential hackers to view the portal number. This information could be useful to hackers attempting to profile an application.
Mitigating factors
N/A
Affected DotNetNuke versions
- 4.0 - 4.8.4
- 5.0 - Note: the code was put in place for 4.9, but was not correctly merged into the 5.0 (cambrian) branch. This issue was resolved in 5.0.1.
Non-Affected Versions:
Fix(s) for issue
To fix this problem, update to the latest version of DotNetNuke (4.9.2/5.0.1 at time of writing).
Acknowledgments
N/A
Security Policy
Click here to read more details on the DotNetNuke Security Policy