Vulnerability Name: CVE-2009-4302 (CCN-54707)
Assigned: 2009-12-02
Published: 2009-12-02
Updated: 2020-12-01
Summary: login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.
CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-310
Vulnerability Consequences: Other
References:
Source: CCN Type: Debian Bug report logs - #559531 moodle: Security fixes released
Source: MITRE Type: CNA CVE-2009-4302
Source: CONFIRM Type: Patch http://docs.moodle.org/en/Moodle_1.8.11_release_notes
Source: CONFIRM Type: Patch http://docs.moodle.org/en/Moodle_1.9.7_release_notes
Source: CCN Type: MSA-09-0027 Login information can be sent unsecured even when site is configured to use SSL for logins
Source: CONFIRM Type: Patch, Vendor Advisory http://moodle.org/mod/forum/discuss.php?d=139107
Source: CCN Type: SA37614 Moodle Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 37614
Source: CCN Type: SA38458 Debian Moodle Multiple Vulnerabilities
Source: DEBIAN Type: DSA-1986-1 moodle -- several vulnerabilities
Source: DEBIAN Type: DSA-1986 moodle -- several vulnerabilities
Source: CCN Type: OSVDB ID: 61172 Moodle login/index_form.html HTTPS Port Link Weakness Cleartext Credential Remote Disclosure
Source: BID Type: Patch 37244
Source: CCN Type: BID-37244 Moodle Multiple Vulnerabilities
Source: VUPEN Type: Patch, Vendor Advisory ADV-2009-3455
Source: XF Type: UNKNOWN moodle-ssl-weak-security(54707)
Source: FEDORA Type: Patch FEDORA-2009-13040
Source: FEDORA Type: Patch FEDORA-2009-13065
Source: FEDORA Type: Patch FEDORA-2009-13080
Source: SUSE Type: SUSE-SR:2010:004 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable