Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3394

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3394
Last Modified 24 Jul 2012 01:04:46
Published 23 Jul 2012 05:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3394

Summary

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Systems

Application

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2

  • Moodle 2.1.3

  • Moodle 2.1.4

  • Moodle 2.1.5

  • Moodle 2.1.6

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.3


References

MLIST - [oss-security] 20120717 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7


Last Updated: 27 May 2016 10:54:57