Moodle · Moodle · CVE-2011-4287
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.0.x through 2.0.2
**Description**
The issue allows remote attackers to obtain access by leveraging knowledge of the initial password of a new user, as the vulnerable software does not force password changes for autosubscribed users.
**Recommendations**
For Moodle versions 2.0.x through 2.0.2, update to version 2.0.3 or later to resolve the issue.