Lucene search

MitreCVE-2009-4300

HistoryDec 16, 2009 - 1:30 a.m.

CVE-2009-4300

2009-12-1601:30:00

CWE-200

mitre

web.nvd.nist.gov

moodle

vulnerability

authentication

md5

password

hash

nvd

cve-2009-4300

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.005

Percentile

77.8%

JSON

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.

Affected configurations

Nvd

Node

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.7

moodlemoodleMatch1.8.8

moodlemoodleMatch1.8.9

moodlemoodleMatch1.8.10

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

moodlemoodleMatch1.9.5

moodlemoodleMatch1.9.6

VendorProductVersionCPE
moodlemoodle1.8.1cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
moodlemoodle1.8.2cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
moodlemoodle1.8.3cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
moodlemoodle1.8.4cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
moodlemoodle1.8.5cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
moodlemoodle1.8.7cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
moodlemoodle1.8.8cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
moodlemoodle1.8.9cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
moodlemoodle1.8.10cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
moodlemoodle1.9.1cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	1.8.1	cpe:2.3:a:moodle:moodle:1.8.1:::::::*
moodle	moodle	1.8.2	cpe:2.3:a:moodle:moodle:1.8.2:::::::*
moodle	moodle	1.8.3	cpe:2.3:a:moodle:moodle:1.8.3:::::::*
moodle	moodle	1.8.4	cpe:2.3:a:moodle:moodle:1.8.4:::::::*
moodle	moodle	1.8.5	cpe:2.3:a:moodle:moodle:1.8.5:::::::*
moodle	moodle	1.8.7	cpe:2.3:a:moodle:moodle:1.8.7:::::::*
moodle	moodle	1.8.8	cpe:2.3:a:moodle:moodle:1.8.8:::::::*
moodle	moodle	1.8.9	cpe:2.3:a:moodle:moodle:1.8.9:::::::*
moodle	moodle	1.8.10	cpe:2.3:a:moodle:moodle:1.8.10:::::::*
moodle	moodle	1.9.1	cpe:2.3:a:moodle:moodle:1.9.1:::::::*

Rows per page:

1-10 of 151

References

docs.moodle.org/en/Moodle_1.8.11_release_notes

docs.moodle.org/en/Moodle_1.9.7_release_notes

moodle.org/mod/forum/discuss.php?d=139105

secunia.com/advisories/37614

www.securityfocus.com/bid/37244

www.vupen.com/english/advisories/2009/3455

www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.005

Percentile

77.8%

JSON

Related for CVE-2009-4300