Candidate: CVE-2010-1613
PublicDate: 2010-04-29 21:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1613
Description:
 Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate
 session id during login" setting by default, which makes it easier for
 remote attackers to conduct session fixation attacks.
Ubuntu-Description:
Notes:
 kees> MSA-10-0009 http://tracker.moodle.org/browse/MDL-21788
Bugs:
Priority: low
Discovered-by: Sascha Herzog
Assigned-to:
CVSS:

Patches_moodle:
upstream_moodle: released (1.9.8)
dapper_moodle: ignored (reached end-of-life)
hardy_moodle: ignored (reached end-of-life)
jaunty_moodle: ignored (reached end-of-life)
karmic_moodle: ignored (reached end-of-life)
lucid_moodle: ignored (reached end-of-life)
maverick_moodle: ignored (reached end-of-life)
natty_moodle: not-affected (1.9.9.dfsg2-2)
oneiric_moodle: not-affected (1.9.9.dfsg2-2)
precise_moodle: not-affected (1.9.9.dfsg2-2)
quantal_moodle: not-affected (1.9.9.dfsg2-2)
raring_moodle: not-affected (1.9.9.dfsg2-2)
saucy_moodle: not-affected (1.9.9.dfsg2-2)
devel_moodle: not-affected (1.9.9.dfsg2-2)