Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-4587
Last Modified: 20 Jul 2012 09:17:35
Published: 20 Jul 2012 06:40:35
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4587

Summary

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Vulnerable Systems

Application

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.10

  • Moodle 1.9.11

  • Moodle 1.9.12

  • Moodle 1.9.13

  • Moodle 1.9.14

  • Moodle 1.9.2

  • Moodle 1.9.3

  • Moodle 1.9.4

  • Moodle 1.9.5

  • Moodle 1.9.6

  • Moodle 1.9.7

  • Moodle 1.9.8

  • Moodle 1.9.9

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.0.4

  • Moodle 2.0.5

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2


References

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=e079e82c087becf06d902089d14f3f76686bde19

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=761248

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=191755


Last Updated: 27 May 2016 10:54:55