QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4587

Published: Jul 20, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=761248

x_refsource_CONFIRM

http://moodle.org/mod/forum/discuss.php?d=191755

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e079e82c087becf06d902089d14f3f76686bde19

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.