Register | Log In
Store Download Support Blogs Forums Contact
News > Security Policy > Security bulletin no41

Member only profile properties could be exposed under certain conditions

Published: June 14, 2010

Version: 1.0

Maximum Severity Rating: Low

Background

DotNetNuke refactored support for user profiles in 5.3.0.

Issue Summary

The code for the user profile properties has a bug where an unautheticated user could access member-only properties under certain configurations.

Mitigating factors

No member-only profile properties are exposed if all profile properties are set to member-only or admin.

Affected DotNetNuke versions

5.3.0 - 5.4.2

Non-Affected Versions:

All others

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (5.4.3 at time of writing).

Acknowledgments

Roger Selwyn

Security Policy

Click here to read more details on the DotNetNuke Security Policy

Attend A Webinar
Free Demo Site
Download DotNetNuke Professional Edition Trial
Have Someone Contact Me

Like Us on Facebook Join our Network on LinkedIn Follow DNN Corporate on Twitter Follow DNN on Twitter

Advertisers

Sponsors

DotNetNuke Corporation

DotNetNuke Corp. is the steward of the DotNetNuke open source project, the most widely adopted Web Content Management Platform for building web sites and web applications on Microsoft .NET. Organizations use DotNetNuke to quickly develop and deploy interactive and dynamic web sites, intranets, extranets and web applications. The DotNetNuke platform is available in a free Community and subscription-based Professional and Enterprise Editions with an Elite Support option. DotNetNuke Corp. also operates Snowcovered.com where users purchase third party apps for the platform.
Copyright © 2002-2012 DotNetNuke Corp. / Terms of Use / Privacy
Hosted by MaximumASP