CVE-2010-1613
Published: 29 April 2010
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
Notes
Author | Note |
---|---|
kees | MSA-10-0009 http://tracker.moodle.org/browse/MDL-21788 |
Priority
Status
Package | Release | Status |
---|---|---|
moodle Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(1.9.9.dfsg2-2)
|
|
oneiric |
Not vulnerable
(1.9.9.dfsg2-2)
|
|
precise |
Not vulnerable
(1.9.9.dfsg2-2)
|
|
quantal |
Not vulnerable
(1.9.9.dfsg2-2)
|
|
raring |
Not vulnerable
(1.9.9.dfsg2-2)
|
|
saucy |
Not vulnerable
(1.9.9.dfsg2-2)
|
|
upstream |
Released
(1.9.8)
|