PT-2022-2692 · Moodle+2 · Moodle+2

Shamim Rezaie · Published 2020-11-08 · Updated 2024-03-06 · CVE-2022-30600

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moodle (affected versions not specified)

Description

A flaw was found in the logic used to count failed login attempts, which could result in the account lockout threshold being bypassed. The issue lies in the implementation of the core auth class in the Moodle virtual learning environment, specifically in how it restricts excessive authentication attempts. Exploitation of this issue may allow a remote attacker to bypass security restrictions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

ALT-PU-2020-3235
ALT-PU-2022-2502
ALT-PU-2022-2553
BDU:2022-03182
BIT-MOODLE-2022-30600
CVE-2022-30600
GHSA-W37F-PVVX-WCWM

Affected Products

Alt Linux
Moodle
Red Os