Candidate: CVE-2014-0008
PublicDate: 2014-01-20 15:14:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0008
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
 https://moodle.org/mod/forum/discuss.php?d=252414
 http://openwall.com/lists/oss-security/2014/01/20/1
Description:
 lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before
 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote
 authenticated administrators to obtain sensitive information by reading the
 Config Changes Report.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Andrew Steele
Assigned-to:
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
upstream_moodle: released (2.4.8, 2.5.4, 2.6.1)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1])
utopic_moodle: not-affected (2.5.4-1)
vivid_moodle: not-affected (2.5.4-1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.4-1)
xenial_moodle: not-affected (2.5.4-1)
yakkety_moodle: not-affected (2.5.4-1)
zesty_moodle: not-affected (2.5.4-1)
devel_moodle: not-affected (2.5.4-1)