EPSS
Percentile
55.9%
Moodle is vulnerable to credential sniffing. The multi-authentication feature in the Central Authentication Service (cas) of Moodle doesn’t use HTTPS, allowing attackers to find credentials by sniffing the network.
git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=895e76ea51c462c18ad66e0761ad76cd26a63ecf
git.moodle.org/gw?p=moodle.git;a=commit;h=895e76ea51c462c18ad66e0761ad76cd26a63ecf
openwall.com/lists/oss-security/2012/05/23/2