CVE-2011-4287

Priority
Medium
Description
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force
password changes for autosubscribed users, which makes it easier for remote
attackers to obtain access by leveraging knowledge of the initial password
of a new user.
References
Notes
 jdstrand> moodle 2.0 only
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.9.9.dfsg2-4)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:12 UTC (commit 9756)