auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-07-23 14:55
Updated : 2023-02-12 20:34
NVD link : CVE-2012-3394
Mitre link : CVE-2012-3394
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
moodle
- moodle