ID CVE-2011-4587
Summary lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.
References
Vulnerable Configurations
  • cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.14:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 13-02-2023 - 01:21)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm
debian DSA-2421
Last major update 13-02-2023 - 01:21
Published 20-07-2012 - 10:40
Last modified 13-02-2023 - 01:21
Back to Top