CVE-2010-1613

CVE-2010-1613

EPSS 1.8%

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://moodle.org/security/http://www.vupen.com/english/advisories/2010/1107