2018-01-30 19:00:00
mitre
PUBLISHED
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a users ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.