Vulnerabilities > CVE-2014-7845 - Credentials Management vulnerability in Moodle

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
moodle
CWE-255
NVD
Published: 2014-11-24
Updated: 2024-11-21

Summary

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.

Vulnerable Configurations

Part Description Count
Application
Moodle
165

Common Weakness Enumeration (CWE)

References