Moodle is vulnerable to information disclosure. The attacks exist because the forum_print_latest_discussions
function in mod/forum/lib.php
does not check for individual answer-posting requirements. This allows a authenticated user to view the username of the user who last posted without permission.