CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
76.9%
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force
password changes for autosubscribed users, which makes it easier for remote
attackers to obtain access by leveraging knowledge of the initial password
of a new user.
Author | Note |
---|---|
jdstrand | moodle 2.0 only |