CVE-2012-0800
N/A
N/A
Summary
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://moodle.org/mod/forum/discuss.php?d=194019
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=6e9989dbd3f261b2e1586ff77b0bf22fc7091485
- https://bugzilla.redhat.com/show_bug.cgi?id=783532
References
- http://moodle.org/mod/forum/discuss.php?d=194019
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=6e9989dbd3f261b2e1586ff77b0bf22fc7091485
- https://bugzilla.redhat.com/show_bug.cgi?id=783532
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.