Vulnerability Description
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 2.5.0 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721Patch
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.ht
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.ht
- http://openwall.com/lists/oss-security/2014/01/20/1
- http://www.securitytracker.com/id/1029647
- https://moodle.org/mod/forum/discuss.php?d=252414PatchVendor Advisory
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721Patch
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.ht
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.ht
- http://openwall.com/lists/oss-security/2014/01/20/1
- http://www.securitytracker.com/id/1029647
- https://moodle.org/mod/forum/discuss.php?d=252414PatchVendor Advisory
FAQ
What is CVE-2014-0008?
CVE-2014-0008 is a vulnerability with a CVSS score of 4.0 (MEDIUM). lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive...
How severe is CVE-2014-0008?
CVE-2014-0008 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0008?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.