Main Vulnerability Database Vulnerabilities #VU51479

#VU51479 Authentication bypass using an alternate path or channel in Moodle - CVE-2021-20282

Published: March 15, 2021

Vulnerability identifier: #VU51479

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-20282

CWE-ID: CWE-288

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error that allowed newly created users to bypass email verification process without having an access to the verification email link/secret. A remote attacker can register an account with an email address of other users and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://moodle.org/mod/forum/discuss.php?d=419653

#VU51479 Authentication bypass using an alternate path or channel in Moodle - CVE-2021-20282

Description

Remediation

External links

Please verify you're human