PT-2016-1295 · Moodle
Us3R777
Published 2015-09-23 · Updated 2022-05-13
CVE-2015-5267
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.6.11 and earlier, 2.7.x before 2.7.10, 2.8.x before 2.8.8, 2.9.x before 2.9.2
Description
The issue lies in the implementation of the random_string() and complex_random_string() functions in the Moodle learning management system, which rely on PHP's mt_rand() function. Because mt_rand() is not a cryptographically secure generator, a remote attacker can predict password-recovery tokens using a brute-force approach, potentially allowing them to obtain a user's password.
Recommendations
For Moodle versions 2.6.11 and earlier, update to version 2.7.10 or later.
For Moodle versions 2.7.x before 2.7.10, update to version 2.7.10 or later.
For Moodle versions 2.8.x before 2.8.8, update to version 2.8.8 or later.
For Moodle versions 2.9.x before 2.9.2, update to version 2.9.2 or later.
Fix
Information Disclosure
Related identifiers
Affected products
Moodle