Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2011-4287
Last Modified 16 Jul 2012 12:00:00
Published 16 Jul 2012 06:28:36
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4287

Summary

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

Vulnerable Systems

Application

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2


References

MLIST - [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=175588

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da


Last Updated: 27 May 2016 10:56:36