CVE-2014-0008 - Credentials Management vulnerability in Moodle
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Summary
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Nessus
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2014-1396.NASL
  description: Fix for CVE-2014-0008,9,10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-03-17
  modified: 2014-01-31
  plugin id: 72226
  published: 2014-01-31
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/72226
  title: Fedora 20 : moodle-2.5.4-1.fc20 (2014-1396)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2014-1377.NASL
  description: Fix for CVE-2014-0008,9,10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-03-17
  modified: 2014-01-31
  plugin id: 72225
  published: 2014-01-31
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/72225
  title: Fedora 19 : moodle-2.4.8-1.fc19 (2014-1377)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
- http://openwall.com/lists/oss-security/2014/01/20/1
- http://www.securitytracker.com/id/1029647
- https://moodle.org/mod/forum/discuss.php?d=252414