Lucene search
K

10 matches found

OSV
OSV
added 2025/08/08 6:0 a.m.2 views

BIT-MOODLE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

5.4CVSS5.2AI score0.00243EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.5 views

Moodle 4.3.x < 4.3.5 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

8.8CVSS6.4AI score0.00455EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.6 views

Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

8.8CVSS6.4AI score0.00455EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.8 views

Moodle 4.1.x < 4.1.11 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

8.8CVSS6.4AI score0.00455EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.5 views

Moodle 4.2.x < 4.2.8 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...

8.8CVSS6.4AI score0.00455EPSS
Exploits0References15
OSV
OSV
added 2024/06/18 9:30 p.m.19 views

GHSA-R82W-3PHG-QVR4 Moodle uses the same key for QR login and auto-login

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

6.9CVSS6.7AI score0.00243EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/06/18 9:30 p.m.24 views

Moodle uses the same key for QR login and auto-login

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

5.4CVSS6.9AI score0.00243EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2024/06/18 8:15 p.m.37 views

CVE-2024-38277

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...

5.4CVSS0.00243EPSS
Exploits0References3
CVE
CVE
added 2024/06/18 7:49 p.m.70 views

CVE-2024-38277

Moodle vulnerability CVE-2024-38277 concerns the QR login key and the auto-login key: a single key must not be reused between them. Connected docs (BIT-MOODLE-2024-38277) describe this exact issue, but do not provide concrete fix/version details. The impact/mitigation specifics are not fully disc...

5.4CVSS6.6AI score0.00243EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2021/07/03 7:52 a.m.19 views

LY Corporation: Missing ownership check in 2FA for secondary client login

Secondary clients such as LINE for Windows/Mac require 2FA at first login. However, due to insufficient verification logic on the server-side, the attacker was able to bypass 2FA after the attacker succeeds QR login by tricking the victim to click a specially crafted URL...

6.8AI score
Exploits0
Rows per page
Query Builder