CVE-2009-4300

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
http://docs.moodle.org/en/Moodle_1.8.11_release_notes	Patch
http://moodle.org/mod/forum/discuss.php?d=139105
http://secunia.com/advisories/37614	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
http://www.securityfocus.com/bid/37244	Patch
http://docs.moodle.org/en/Moodle_1.9.7_release_notes	Patch
http://www.vupen.com/english/advisories/2009/3455	Patch Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle:1.8.1:::::::*
	cpe:2.3:a:moodle:moodle:1.8.2:::::::*
	cpe:2.3:a:moodle:moodle:1.9.5:::::::*
	cpe:2.3:a:moodle:moodle:1.9.6:::::::*
	cpe:2.3:a:moodle:moodle:1.8.4:::::::*
	cpe:2.3:a:moodle:moodle:1.8.7:::::::*
	cpe:2.3:a:moodle:moodle:1.9.1:::::::*
	cpe:2.3:a:moodle:moodle:1.9.3:::::::*
	cpe:2.3:a:moodle:moodle:1.8.8:::::::*
	cpe:2.3:a:moodle:moodle:1.8.9:::::::*
	cpe:2.3:a:moodle:moodle:1.8.10:::::::*
	cpe:2.3:a:moodle:moodle:1.9.4:::::::*
	cpe:2.3:a:moodle:moodle:1.9.2:::::::*
	cpe:2.3:a:moodle:moodle:1.8.5:::::::*
	cpe:2.3:a:moodle:moodle:1.8.3:::::::*

Information

Published : 2009-12-15 17:30

Updated : 2020-12-01 06:43

NVD link : CVE-2009-4300

Mitre link : CVE-2009-4300

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

Products Affected

moodle

moodle

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html", "name": "FEDORA-2009-13040", "tags": [], "refsource": "FEDORA"}, {"url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", "name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://moodle.org/mod/forum/discuss.php?d=139105", "name": "http://moodle.org/mod/forum/discuss.php?d=139105", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/37614", "name": "37614", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html", "name": "FEDORA-2009-13080", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.securityfocus.com/bid/37244", "name": "37244", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", "name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/3455", "name": "ADV-2009-3455", "tags": ["Patch", "Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html", "name": "FEDORA-2009-13065", "tags": [], "refsource": "FEDORA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4300", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-12-16T01:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-12-01T14:43Z"}