Vulnerability Description
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 1.8.1 |
Related Weaknesses (CWE)
References
- http://docs.moodle.org/en/Moodle_1.8.11_release_notesPatch
- http://docs.moodle.org/en/Moodle_1.9.7_release_notesPatch
- http://moodle.org/mod/forum/discuss.php?d=139105
- http://secunia.com/advisories/37614Vendor Advisory
- http://www.securityfocus.com/bid/37244Patch
- http://www.vupen.com/english/advisories/2009/3455PatchVendor Advisory
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.h
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.h
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.h
- http://docs.moodle.org/en/Moodle_1.8.11_release_notesPatch
- http://docs.moodle.org/en/Moodle_1.9.7_release_notesPatch
- http://moodle.org/mod/forum/discuss.php?d=139105
- http://secunia.com/advisories/37614Vendor Advisory
- http://www.securityfocus.com/bid/37244Patch
- http://www.vupen.com/english/advisories/2009/3455PatchVendor Advisory
FAQ
What is CVE-2009-4300?
CVE-2009-4300 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugi...
How severe is CVE-2009-4300?
CVE-2009-4300 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4300?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.