CVE-2011-4585

Published: Jul 20, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=761248

x_refsource_CONFIRM

DSA-2421

vendor-advisory

x_refsource_DEBIAN

http://moodle.org/mod/forum/discuss.php?d=191752

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=01dd64a8c8aa95f793accea371b2392e662663c5

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-4585

Description

Affected Products

References