Vulnerabilities > CVE-2012-0794 - Credentials Management vulnerability in Moodle
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-0913.NASL description CVE-2012-0792 CVE-2012-0793 CVE-2012-0794 CVE-2012-0795 CVE-2012-0796 CVE-2012-0797 CVE-2012-0798 CVE-2012-0799 CVE-2012-0800 CVE-2012-0801 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-02-03 plugin id 57815 published 2012-02-03 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57815 title Fedora 16 : moodle-2.0.7-1.fc16 (2012-0913) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-0913. # include("compat.inc"); if (description) { script_id(57815); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_bugtraq_id(51450); script_xref(name:"FEDORA", value:"2012-0913"); script_name(english:"Fedora 16 : moodle-2.0.7-1.fc16 (2012-0913)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2012-0792 CVE-2012-0793 CVE-2012-0794 CVE-2012-0795 CVE-2012-0796 CVE-2012-0797 CVE-2012-0798 CVE-2012-0799 CVE-2012-0800 CVE-2012-0801 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=783532" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/072726.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?156020df" ); script_set_attribute( attribute:"solution", value:"Update the affected moodle package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"moodle-2.0.7-1.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle"); }NASL family Fedora Local Security Checks NASL id FEDORA_2012-0939.NASL description CVE-2012-0792 CVE-2012-0793 CVE-2012-0794 CVE-2012-0795 CVE-2012-0796 CVE-2012-0797 CVE-2012-0798 CVE-2012-0799 CVE-2012-0800 CVE-2012-0801 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-02-03 plugin id 57816 published 2012-02-03 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57816 title Fedora 15 : moodle-1.9.16-1.fc15 (2012-0939) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-0939. # include("compat.inc"); if (description) { script_id(57816); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_bugtraq_id(51450); script_xref(name:"FEDORA", value:"2012-0939"); script_name(english:"Fedora 15 : moodle-1.9.16-1.fc15 (2012-0939)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2012-0792 CVE-2012-0793 CVE-2012-0794 CVE-2012-0795 CVE-2012-0796 CVE-2012-0797 CVE-2012-0798 CVE-2012-0799 CVE-2012-0800 CVE-2012-0801 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=783532" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/072712.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a12f56b9" ); script_set_attribute( attribute:"solution", value:"Update the affected moodle package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"moodle-1.9.16-1.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2421.NASL description Several security issues have been fixed in Moodle, a course management system for online learning : - CVE-2011-4308 / CVE-2012-0792 Rossiani Wijaya discovered an information leak in mod/forum/user.php. - CVE-2011-4584 MNet authentication didn last seen 2020-03-17 modified 2012-03-01 plugin id 58172 published 2012-03-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58172 title Debian DSA-2421-1 : moodle - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2421. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(58172); script_version("1.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-4308", "CVE-2011-4584", "CVE-2011-4585", "CVE-2011-4586", "CVE-2011-4587", "CVE-2011-4588", "CVE-2012-0792", "CVE-2012-0793", "CVE-2012-0794", "CVE-2012-0795", "CVE-2012-0796"); script_bugtraq_id(50283, 50923, 51450, 51840); script_xref(name:"DSA", value:"2421"); script_name(english:"Debian DSA-2421-1 : moodle - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several security issues have been fixed in Moodle, a course management system for online learning : - CVE-2011-4308 / CVE-2012-0792 Rossiani Wijaya discovered an information leak in mod/forum/user.php. - CVE-2011-4584 MNet authentication didn't prevent a user using 'Login as' from jumping to a remove MNet SSO. - CVE-2011-4585 Darragh Enright discovered that the change password form was send in over plain HTTP even if httpslogin was set to 'true'. - CVE-2011-4586 David Michael Evans and German Sanchez Gances discovered CRLF injection/HTTP response splitting vulnerabilities in the Calendar module. - CVE-2011-4587 Stephen Mc Guiness discovered empty passwords could be entered in some circumstances. - CVE-2011-4588 Patrick McNeill discovered that IP address restrictions could be bypassed in MNet. - CVE-2012-0796 Simon Coggins discovered that additional information could be injected into mail headers. - CVE-2012-0795 John Ehringer discovered that email addresses were insufficiently validated. - CVE-2012-0794 Rajesh Taneja discovered that cookie encryption used a fixed key. - CVE-2012-0793 Eloy Lafuente discovered that profile images were insufficiently protected. A new configuration option 'forceloginforprofileimages' was introduced for that." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4308" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0792" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4584" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4585" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4586" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4587" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2011-4588" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0796" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0795" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0794" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-0793" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/moodle" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2012/dsa-2421" ); script_set_attribute( attribute:"solution", value: "Upgrade the moodle packages. For the stable distribution (squeeze), this problem has been fixed in version 1.9.9.dfsg2-2.1+squeeze3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:moodle"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"moodle", reference:"1.9.9.dfsg2-2.1+squeeze3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");