PT-2018-10126 · Moodle · Moodle

Helen Foster

Published

2018-04-04

Updated

2022-05-13

CVE-2018-1082

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Moodle versions 3.3 through 3.3.4 Moodle versions 3.4 through 3.4.1

Description A flaw was found in the authentication process. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

Recommendations For Moodle versions 3.3 through 3.3.4, update to a version that fixes this issue. For Moodle versions 3.4 through 3.4.1, update to a version that fixes this issue.

Fix

Improper Authorization

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-287

Related Identifiers

CVE-2018-1082

GHSA-QH8M-6G4P-33H3

Affected Products

Moodle

PT-2018-10126 · Moodle · Moodle

CVE-2018-1082

Weakness Enumeration

Related Identifiers

Affected Products

References · 11