×
Kunena 5.1 Released (13 May 2018)

The Kunena team is pleased to announce Kunena 5.1.0 [K 5.1.0].
Please read the blog post for information: www.kunena.org/blog/192-kunena-5-1-released

×

Please Read This First:


This category is only for reporting defects with K 3.0.

Do not use this category:
  • to ask general questions about how to use K 3.0 or to ask when new versions of Kunena will be released;
  • to ask about other (older) versions of Kunena; or
  • if you have tried to install K 3.0 on J! 1.5; or
  • if you installed K 3.0 on a live, production site and you want your site restored to its previous state; or
  • if this website ( www.kunena.org ) works but works differently to how you expected.

You must include your K 3.0 configuration report; if you do not include your configuration report, your topic may be closed (locked) or deleted without any further warnings from the moderators.

Topics that have been closed (resolved) will be archived and no further discussion on those topics will be allowed.

Solved Security: Configuration setting "Allow Guests to see Userlist = No" does not prevent guests viewing the userlist

More
3 years 2 months ago - 3 years 2 months ago #1 by sozzled
The following setting

Kunena Forum: Configuration » Security » Security Settings » Allow Guests to see Userlist = No

is designed to prevent people seeing the list of users on your website. What it does is to disable the link that appears on the bottom of the forum page (see screenshot below)



But, even though the link is disabled, it is possible for guests to view the userlist by entering the URL
  • https://<yoursite>/forum/user/list

This can easily be tested but, for the sake of completeness, I am attaching my configuration report below.

This message contains confidential information

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information
htaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 128M | Max file upload: 64M

Kunena menu details:

Warning: Spoiler! [ Click to expand ]

Joomla default template details : protostar | author: Kyle Ledbetter | version: 1.0 | creationdate: Unknown

Kunena default template details : Blue Eagle | author: Kunena Team | version: 3.0.7 | creationdate: 2015-02-01

Kunena version detailed: Kunena 3.0.7 | 2015-02-01 [ Galah ]
| Kunena detailed configuration:

Warning: Spoiler! [ Click to expand ]
| Kunena integration settings:
Warning: Spoiler! [ Click to expand ]
| Joomla! detailed language files installed:
Warning: Spoiler! [ Click to expand ]

Third-party components: None

Third-party SEF components: None

Plugins: None

Modules: None


I will be interested to hear what the Kunena developers have to say about plugging this security hole. :)
Attachments:
Last edit: 3 years 2 months ago by sozzled.

Please Log in or Create an account to join the conversation.

More
More
3 years 2 months ago #3 by sozzled
I am pleased to see that 810 has found a solution to this issue and that it will be included in K 3.0.8. I am sure that a lot of people will be very happy when this security hole has been closed when K 3.0.8 is released. I hope that K 3.0.8 will be released very soon to address this security problem.

Please leave this topic open until K 3.0.8 has been released.

Thank you.

Please Log in or Create an account to join the conversation.

More
2 years 11 months ago #4 by sozzled
We can mark this one as solved and the topic can be archived.

Thanks, guys.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.182 seconds