PT-2010-3283 · Moodle · Moodle
Published: 2010-04-29 · Updated: 2022-05-13
CVE-2010-1613
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Moodle versions 1.8.x through 1.9.7
Description
In Moodle 1.8.x through 1.9.7, the "Regenerate session id during login" setting is not enabled by default, which makes it easier for remote attackers to conduct session fixation attacks.
Recommendations
For Moodle versions 1.8.x through 1.9.7, enable the "Regenerate session id during login" setting to mitigate the risk of session fixation attacks.
Fix
Session Fixation
Improper Authentication
Related identifiers
Affected products
Moodle