QwikSec

Security Database

CVE

CWE

Training

CVE-2012-0794

Published: Jul 17, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://moodle.org/mod/forum/discuss.php?d=194013

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=98456628a24bba25d336860d38a45b5a4e3895da

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=783532

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.