First published: Fri Jul 20 2012(Updated: )
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | =2.0.2 | |
Moodle Moodle | =1.9.4 | |
Moodle Moodle | =1.9.1 | |
Moodle Moodle | =1.9.6 | |
Moodle Moodle | =1.9.9 | |
Moodle Moodle | =2.0.1 | |
Moodle Moodle | =1.9.11 | |
Moodle Moodle | =2.1.2 | |
Moodle Moodle | =2.0.4 | |
Moodle Moodle | =1.9.2 | |
Moodle Moodle | =1.9.12 | |
Moodle Moodle | =1.9.10 | |
Moodle Moodle | =2.0.3 | |
Moodle Moodle | =2.1.1 | |
Moodle Moodle | =1.9.3 | |
Moodle Moodle | =2.0.5 | |
Moodle Moodle | =1.9.13 | |
Moodle Moodle | =1.9.5 | |
Moodle Moodle | =1.9.14 | |
Moodle Moodle | =1.9.8 | |
Moodle Moodle | =1.9.7 | |
Moodle Moodle | =2.0.0 | |
Moodle Moodle | =2.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.