Moodle · Moodle · CVE-2011-4585
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 1.9.x through 1.9.14
**Description**
The issue concerns the change-password form in the login/change password.php file. It does not utilize https for encryption, even when the httpslogin option is enabled. This oversight allows remote attackers to intercept credentials by sniffing the network.
**Recommendations**
For Moodle versions 1.9.x through 1.9.14, update to version 1.9.15 or later to resolve the issue.