Credentials management in Moodle - CVE-2011-4587

 


Published: July 20, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43837
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-4587
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote, unauthenticated attacker to read and manipulate data.

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.
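The description above turns on one detail: a password-policy setting of zero being read as "rule disabled", so that an empty password satisfies every rule and an account created with a blank password stays that way. The following is an added illustration, not code from Moodle's lib/moodlelib.php or from its fix; the policy keys, the floor of 8 characters and the sample accounts are assumptions made for the example. It places the weak pattern beside a hardened check that refuses blank passwords before any configurable rule runs, and adds an audit helper a defender can run over stored hashes to find accounts that already have a blank password on file.

```php
<?php
declare(strict_types=1);

// Added example, not Moodle's own code. It contrasts the pattern the advisory
// describes (a zero in the password policy read as "rule disabled", so '' passes
// every rule) with a hardened check that rejects blank passwords unconditionally,
// plus an audit helper that flags stored accounts whose hash is the hash of ''.

// Hypothetical policy settings (key names are assumptions, not Moodle's).
const POLICY = [
    'passwordpolicy'    => true,
    'minpasswordlength' => 0,  // the zero value that disables the length rule
    'minpassworddigits' => 0,
    'minpasswordlower'  => 0,
];

// Weak pattern: each rule is guarded by "if the setting is non-zero", so with
// every setting at 0 no rule ever runs and the empty string is accepted.
function check_password_weak(string $password, array $p, array &$errors): bool
{
    $errors = [];
    if (!$p['passwordpolicy']) {
        return true;
    }
    if ($p['minpasswordlength'] && strlen($password) < $p['minpasswordlength']) {
        $errors[] = 'too short';
    }
    if ($p['minpassworddigits'] && preg_match_all('/\d/', $password) < $p['minpassworddigits']) {
        $errors[] = 'too few digits';
    }
    if ($p['minpasswordlower'] && preg_match_all('/[a-z]/', $password) < $p['minpasswordlower']) {
        $errors[] = 'too few lower-case letters';
    }
    return $errors === [];
}

// Hardened: a blank password fails before any configurable rule is consulted,
// and the length rule has a floor the configuration cannot lower (8 is an
// assumed value for this example).
function check_password_hardened(string $password, array $p, array &$errors): bool
{
    $errors = [];
    if (trim($password) === '') {
        $errors[] = 'password must not be empty';
        return false;
    }
    $minlength = max(8, (int) $p['minpasswordlength']);
    if (strlen($password) < $minlength) {
        $errors[] = "shorter than $minlength characters";
    }
    if (preg_match_all('/\d/', $password) < (int) $p['minpassworddigits']) {
        $errors[] = 'too few digits';
    }
    if (preg_match_all('/[a-z]/', $password) < (int) $p['minpasswordlower']) {
        $errors[] = 'too few lower-case letters';
    }
    return $errors === [];
}

// Audit helper: true when the stored hash verifies against the empty string,
// i.e. an account that must be forced through a reset whatever the policy says.
function has_blank_password(string $storedhash): bool
{
    return password_verify('', $storedhash);
}

// Demonstration on constructed data.
$errors = [];
var_dump(check_password_weak('', POLICY, $errors));
var_dump(check_password_hardened('', POLICY, $errors));
var_dump(check_password_hardened('correct-horse-9', POLICY, $errors));

$accounts = [  // constructed sample accounts, not real users
    'alice' => password_hash('correct-horse-9', PASSWORD_DEFAULT),
    'bob'   => password_hash('', PASSWORD_DEFAULT),
];
foreach ($accounts as $user => $hash) {
    if (has_blank_password($hash)) {
        echo "$user: blank password on file, force a reset\n";
    }
}
```

With every policy value at zero, the weak check returns true for the empty string while the hardened check returns false, and the audit loop reports only the constructed account whose hash was derived from an empty password. The separation matters for remediation: fixing the validator stops new blank passwords, but accounts that already carry one are only found by checking the stored hashes, which is why the helper verifies against the empty string rather than trusting the policy that was in force when the account was created.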


How to mitigate CVE-2011-4587

Install the update from the vendor's website: Moodle 1.9.15, 2.0.6 or 2.1.3, the first releases outside the affected ranges listed above.

Sources