|Release Date:||2013-12-30 (Last update can be found below the document title)|
|Criticality Level:||Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Impact:||Exposure of Sensitive Information|
|Systems Affected:||Canvas LMS|
Secure Ideas https://www.secureideas.com/
A username harvesting vulnerability was reported by a third party. This vulnerability could potentially allow an attacker to discover what usernames are valid Canvas accounts, narrowing the required scope of a second attack.
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.