CVE-2016-7038

Name of the Vulnerable Software and Affected Versions Moodle versions 2.x through 3.x

Description The issue concerns the failure to invalidate web service tokens when a user's password is changed or forced to be changed.

Recommendations For Moodle versions 2.x through 3.x, consider manually revoking and reissuing web service tokens after a password change to prevent unauthorized access until a proper fix is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.