5

CVE-2012-0794

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoodleMoodle Version1.9.1
MoodleMoodle Version1.9.2
MoodleMoodle Version1.9.3
MoodleMoodle Version1.9.4
MoodleMoodle Version1.9.5
MoodleMoodle Version1.9.6
MoodleMoodle Version1.9.7
MoodleMoodle Version1.9.8
MoodleMoodle Version1.9.9
MoodleMoodle Version1.9.10
MoodleMoodle Version1.9.11
MoodleMoodle Version1.9.12
MoodleMoodle Version1.9.13
MoodleMoodle Version1.9.14
MoodleMoodle Version1.9.15
MoodleMoodle Version2.0.0
MoodleMoodle Version2.0.1
MoodleMoodle Version2.0.2
MoodleMoodle Version2.0.3
MoodleMoodle Version2.0.4
MoodleMoodle Version2.0.5
MoodleMoodle Version2.0.6
MoodleMoodle Version2.1.0
MoodleMoodle Version2.1.1
MoodleMoodle Version2.1.2
MoodleMoodle Version2.1.3
MoodleMoodle Version2.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.4% 0.689
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2012/dsa-2421
https://bugzilla.redhat.com/show_bug.cgi?id=783532
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=98456628a24bba25d336860d38a45b5a4e3895da
http://moodle.org/mod/forum/discuss.php?d=194013
Vendor Advisory