Описание
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.9.9.dfsg2-6 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | not-affected | 1.9.9.dfsg2-6 |
| quantal | not-affected | 1.9.9.dfsg2-6 |
| raring | not-affected | 1.9.9.dfsg2-6 |
| saucy | not-affected | 1.9.9.dfsg2-6 |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
Связанные уязвимости
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use h ...
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.
EPSS
5 Medium
CVSS2