CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
81.0%
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and
2.1.x before 2.1.3 does not properly handle certain zero values in the
password policy, which makes it easier for remote attackers to obtain
access by leveraging the possible existence of user accounts that have
unchangeable blank passwords.