CVE-2009-4300: Infoleak
First published: Wed Dec 16 2009(Updated: )
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | =1.9.4 | |
| Moodle | =1.9.1 | |
| Moodle | =1.8.8 | |
| Moodle | =1.9.6 | |
| Moodle | =1.8.2 | |
| Moodle | =1.9.2 | |
| Moodle | =1.8.5 | |
| Moodle | =1.8.3 | |
| Moodle | =1.8.9 | |
| Moodle | =1.8.7 | |
| Moodle | =1.8.10 | |
| Moodle | =1.9.3 | |
| Moodle | =1.9.5 | |
| Moodle | =1.8.4 | |
| Moodle | =1.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://moodle.org/mod/forum/discuss.php?d=139105
- http://secunia.com/advisories/37614
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://www.securityfocus.com/bid/37244
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://www.vupen.com/english/advisories/2009/3455
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
Frequently Asked Questions
What is the severity of CVE-2009-4300?
CVE-2009-4300 has a medium severity due to the potential exposure of user credentials.
How do I fix CVE-2009-4300?
To fix CVE-2009-4300, upgrade Moodle to version 1.8.11 or 1.9.7 or later.
Which versions are affected by CVE-2009-4300?
CVE-2009-4300 affects Moodle versions 1.8.x before 1.8.11 and 1.9.x before 1.9.7.
What are the implications of CVE-2009-4300?
The implications of CVE-2009-4300 include potential unauthorized access to user accounts through compromised password hashes.
Is there a patch available for CVE-2009-4300?
Yes, upgrading to the patched versions of Moodle will resolve the vulnerabilities outlined in CVE-2009-4300.
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/moodle
- canonical/moodle
- version/moodle/1.9.4
- version/moodle/1.9.1
- version/moodle/1.8.8
- version/moodle/1.9.6
- version/moodle/1.8.2
- version/moodle/1.9.2
- version/moodle/1.8.5
- version/moodle/1.8.3
- version/moodle/1.8.9
- version/moodle/1.8.7
- version/moodle/1.8.10
- version/moodle/1.9.3
- version/moodle/1.9.5
- version/moodle/1.8.4
- version/moodle/1.8.1