Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Moodle 3.0.x < 3.0.6 Authentication Bypass

Low

Synopsis

The remote web server is hosting a web application that is vulnerable to an authentication bypass attack vector.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 3.0.x prior to 3.0.6 are affected by a flaw that is due to the program failing to invalidate user tokens after a password change is performed. This may allow an attacker who had compromised a user's account to have their access persist after the password has been changed.

Solution

Upgrade to Moodle version 3.0.6 or later.