Lucene search
HistoryMay 27, 2014 - 12:55 a.m.
CVE-2014-0214
moodle
login/token.php
vulnerability
remote attack
session hijacking
6.3 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.5%
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
Related
prion
prion
Code injection
2014-05-27 00:55:00
cvelist
cvelist
CVE-2014-0214
2014-05-27 00:00:00
github
github
Moodle creates a MoodleMobile web-service token with an infinite lifetime
2022-05-13 01:12:51
ubuntucve
ubuntucve
CVE-2014-0214
2014-05-27 00:00:00
veracode
veracode
Session Hijack
2017-07-30 22:47:08
osv
osv
Moodle creates a MoodleMobile web-service token with an infinite lifetime
2022-05-13 01:12:51
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0230)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2014-6585
2014-06-02 00:00:00
Fedora Update for moodle FEDORA-2014-6577
2014-06-02 00:00:00
mageia
mageia
Updated moodle packages fix multiple vulnerabilities
2014-05-19 22:46:11
nessus
nessus
Fedora 19 : moodle-2.4.10-1.fc19 (2014-6577)
2014-05-30 00:00:00
Fedora 20 : moodle-2.5.6-1.fc20 (2014-6585)
2014-05-30 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: moodle-2.5.6-1.fc20
2014-05-29 23:27:45
[SECURITY] Fedora 19 Update: moodle-2.4.10-1.fc19
2014-05-29 23:27:02
[SECURITY] Fedora 20 Update: moodle-2.5.9-1.fc20
2014-11-25 15:30:01
6.3 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.5%
Related for CVE-2014-0214