Metric | Value |
---|---|
CVSS2 | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.008 Low |
EPSS Percentile | 81.1% |

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the “Regenerate session
id during login” setting by default, which makes it easier for remote
attackers to conduct session fixation attacks.

Author | Note |
---|---|
kees | MSA-10-0009 http://tracker.moodle.org/browse/MDL-21788 |