Moodle · Moodle · CVE-2012-2357
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.1.x through 2.1.5
Moodle versions 2.2.x through 2.2.2
**Description**
The issue concerns the Multi-Authentication feature in the Central Authentication Service (CAS) functionality. It does not utilize HTTPS, allowing remote attackers to obtain credentials by sniffing the network.
**Recommendations**
For Moodle versions 2.1.x through 2.1.5, update to version 2.1.6 or later.
For Moodle versions 2.2.x through 2.2.2, update to version 2.2.3 or later.