Hardcoded credentials

2012-07-1710:20:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script’s source code within the open-source software distribution.

CPENameOperatorVersion
moodleeq2.0.2
moodleeq1.9.4
moodleeq1.9.1
moodleeq1.9.6
moodleeq1.9.9
moodleeq2.0.1
moodleeq1.9.11
moodleeq2.1.2
moodleeq2.0.4
moodleeq1.9.2