CVE-2011-4287

Priority
Medium
Description
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force
password changes for autosubscribed users, which makes it easier for remote
attackers to obtain access by leveraging knowledge of the initial password
of a new user.
References
Notes
jdstrand> moodle 2.0 only
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.9.9.dfsg2-4)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-07-19 16:14:39 UTC (commit 5536)