10 matches found
BIT-MOODLE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
Moodle 4.3.x < 4.3.5 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Moodle 4.4.x < 4.4.1 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Moodle 4.1.x < 4.1.11 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
Moodle 4.2.x < 4.2.8 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 4.1.11, 4.2.x prior to 4.2.8, or 4.3.x prior to 4.3.5 or 4.4.x prior to 4.4.1. It is, therefore, affected by multiple vulnerabilities. - A unique key should be generated for a user's QR login key and...
GHSA-R82W-3PHG-QVR4 Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
Moodle uses the same key for QR login and auto-login
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
CVE-2024-38277
Moodle vulnerability CVE-2024-38277 concerns the QR login key and the auto-login key: a single key must not be reused between them. Connected docs (BIT-MOODLE-2024-38277) describe this exact issue, but do not provide concrete fix/version details. The impact/mitigation specifics are not fully disc...
LY Corporation: Missing ownership check in 2FA for secondary client login
Secondary clients such as LINE for Windows/Mac require 2FA at first login. However, due to insufficient verification logic on the server-side, the attacker was able to bypass 2FA after the attacker succeeds QR login by tricking the victim to click a specially crafted URL...