CVE-2009-4300
N/A
N/A
Summary
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://moodle.org/mod/forum/discuss.php?d=139105
- http://www.vupen.com/english/advisories/2009/3455
- http://secunia.com/advisories/37614
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://www.securityfocus.com/bid/37244
References
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://moodle.org/mod/forum/discuss.php?d=139105
- http://www.vupen.com/english/advisories/2009/3455
- http://secunia.com/advisories/37614
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://www.securityfocus.com/bid/37244
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.