CVE-2014-0008
CVE-2014-0008
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.htmlhttp://openwall.com/lists/oss-security/2014/01/20/1https://moodle.org/mod/forum/discuss.php?d=252414http://www.securitytracker.com/id/1029647