4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
Moodle is vulnerable to the bypass of the force-password-change requirement. Even when a password is forced to be changed on login, its possible for the temporary password to be used to create web service tokens, thus extending the life of the temporary password.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 2.5.9 | |
moodle/moodle | le | 2.8.3 | |
moodle/moodle | le | 2.7.5 | |
moodle/moodle | le | 2.6.8 |