Aaron Barnes

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.4.11 and earlier, 2.5.x before 2.5.9, 2.6.x before 2.6.6, 2.7.x before 2.7.3 **Description** The issue concerns the `generate password` function, which does not provide a sufficient number of possible temporary passwords. This allows remote attackers to obtain access via a brute-force attack. **Recommendations** For versions 2.4.11 and earlier, update to a version later than 2.4.11. For versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For versions 2.7.x before 2.7.3, update to version 2.7.3 or later.