CVE-2011-4287
First published: Mon Jul 16 2012(Updated: )
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle | =2.0.2 | |
| Moodle | =2.0.1 | |
| Moodle | =2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-4287?
CVE-2011-4287 is considered a medium severity vulnerability due to the potential for unauthorized access to user accounts.
How do I fix CVE-2011-4287?
To fix CVE-2011-4287, upgrade your Moodle installation to version 2.0.3 or later, where the vulnerability is addressed.
What versions of Moodle are affected by CVE-2011-4287?
CVE-2011-4287 affects Moodle versions 2.0.0, 2.0.1, and 2.0.2.
What is the main issue described in CVE-2011-4287?
The main issue in CVE-2011-4287 is that autosubscribed users are not required to change their initial passwords, making it easier for attackers to gain access.
Who is at risk from CVE-2011-4287?
Users of Moodle versions 2.0.0 through 2.0.2 who have autoubscribed accounts are at risk from CVE-2011-4287.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/moodle
- canonical/moodle
- version/moodle/2.0.2
- version/moodle/2.0.1
- version/moodle/2.0.0