CVE-2011-4585
Published: 20 July 2012
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.
Priority
Status
Package | Release | Status |
---|---|---|
moodle Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
quantal |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
raring |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
saucy |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://moodle.org/mod/forum/discuss.php?d=191752 |