6.8
CVE-2011-4587
- EPSS 2.07%
- Veröffentlicht 20.07.2012 10:40:35
- Zuletzt bearbeitet 16.06.2026 23:35:05
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.07% | 0.789 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=761248
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e079e82c087becf06d902089d14f3f76686bde19
http://moodle.org/mod/forum/discuss.php?d=191755