CVE-2011-4584

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	1.9.1 (including)	1.9.1 (including)
Moodle	Moodle	1.9.2 (including)	1.9.2 (including)
Moodle	Moodle	1.9.3 (including)	1.9.3 (including)
Moodle	Moodle	1.9.4 (including)	1.9.4 (including)
Moodle	Moodle	1.9.5 (including)	1.9.5 (including)
Moodle	Moodle	1.9.6 (including)	1.9.6 (including)
Moodle	Moodle	1.9.7 (including)	1.9.7 (including)
Moodle	Moodle	1.9.8 (including)	1.9.8 (including)
Moodle	Moodle	1.9.9 (including)	1.9.9 (including)
Moodle	Moodle	1.9.10 (including)	1.9.10 (including)
Moodle	Moodle	1.9.11 (including)	1.9.11 (including)
Moodle	Moodle	1.9.12 (including)	1.9.12 (including)
Moodle	Moodle	1.9.13 (including)	1.9.13 (including)
Moodle	Moodle	1.9.14 (including)	1.9.14 (including)
Moodle	Moodle	2.0.0 (including)	2.0.0 (including)
Moodle	Moodle	2.0.1 (including)	2.0.1 (including)
Moodle	Moodle	2.0.2 (including)	2.0.2 (including)
Moodle	Moodle	2.0.3 (including)	2.0.3 (including)
Moodle	Moodle	2.0.4 (including)	2.0.4 (including)
Moodle	Moodle	2.0.5 (including)	2.0.5 (including)
Moodle	Moodle	2.1.0 (including)	2.1.0 (including)
Moodle	Moodle	2.1.1 (including)	2.1.1 (including)
Moodle	Moodle	2.1.2 (including)	2.1.2 (including)
Moodle	Ubuntu	hardy	*
Moodle	Ubuntu	lucid	*
Moodle	Ubuntu	maverick	*
Moodle	Ubuntu	natty	*
Moodle	Ubuntu	oneiric	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4584
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References