CVE-2009-4302
N/A
N/A
Summary
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://moodle.org/mod/forum/discuss.php?d=139107
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://www.vupen.com/english/advisories/2009/3455
- http://secunia.com/advisories/37614
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://www.securityfocus.com/bid/37244
References
- http://moodle.org/mod/forum/discuss.php?d=139107
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://www.vupen.com/english/advisories/2009/3455
- http://secunia.com/advisories/37614
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://www.securityfocus.com/bid/37244
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.