Vulnerabilities > CVE-2014-0008 - Credentials Management vulnerability in Moodle

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
moodle
CWE-255
nessus

Summary

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

Vulnerable Configurations

Part Description Count
Application
Moodle
140

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1396.NASL
    descriptionFix for CVE-2014-0008,9,10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-01-31
    plugin id72226
    published2014-01-31
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72226
    titleFedora 20 : moodle-2.5.4-1.fc20 (2014-1396)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1377.NASL
    descriptionFix for CVE-2014-0008,9,10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-01-31
    plugin id72225
    published2014-01-31
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72225
    titleFedora 19 : moodle-2.4.8-1.fc19 (2014-1377)