2 matches found
Moodle 3.x Authentication Bypass Vulnerability (Mar 2018) - Windows
Suspended users with OAuth 2 authentication method can still log in to the site. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-1082
CVE-2018-1082 affects Moodle versions 3.4–3.4.1 and 3.3–3.3.4. The root cause is an OAuth2 login flow issue where a user once confirmed can still authenticate after suspension, allowing login to the site. The connected documents confirm the vulnerability details but do not provide a remediation o...