Описание
Moodle Lesson activity password bypass through PHP loose comparison
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.
Пакеты
moodle/moodle
< 4.1.13
4.1.13
moodle/moodle
>= 4.2.0-beta, < 4.2.10
4.2.10
moodle/moodle
>= 4.3.0-beta, < 4.3.7
4.3.7
moodle/moodle
>= 4.4.0-beta, < 4.4.3
4.4.3
EPSS
6.3 Medium
CVSS4
5.4 Medium
CVSS3
CVE ID
Дефекты
Связанные уязвимости
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.
A flaw was found in Moodle. When restricting access to a lesson activi ...
Уязвимость виртуальной обучающей среды Moodle, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти процесс аутентификации
EPSS
6.3 Medium
CVSS4
5.4 Medium
CVSS3