Christophe

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.0.x through 2.0.9 Moodle versions 2.1.x through 2.1.6 Moodle versions 2.2.x through 2.2.3 Moodle versions 2.3.x through 2.3.0 **Description** The issue allows remote attackers to obtain sensitive information by sniffing the network. This is due to the `auth/ldap/ntlmsso attempt.php` file redirecting users from an https LDAP login URL to an http URL. **Recommendations** For Moodle versions 2.0.x through 2.0.9, update to version 2.0.10 or later. For Moodle versions 2.1.x through 2.1.6, update to version 2.1.7 or later. For Moodle versions 2.2.x through 2.2.3, update to version 2.2.4 or later. For Moodle versions 2.3.x through 2.3.0, update to version 2.3.1 or later.