CVE-2011-4587

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	1.9.1 (including)	1.9.1 (including)
Moodle	Moodle	1.9.2 (including)	1.9.2 (including)
Moodle	Moodle	1.9.3 (including)	1.9.3 (including)
Moodle	Moodle	1.9.4 (including)	1.9.4 (including)
Moodle	Moodle	1.9.5 (including)	1.9.5 (including)
Moodle	Moodle	1.9.6 (including)	1.9.6 (including)
Moodle	Moodle	1.9.7 (including)	1.9.7 (including)
Moodle	Moodle	1.9.8 (including)	1.9.8 (including)
Moodle	Moodle	1.9.9 (including)	1.9.9 (including)
Moodle	Moodle	1.9.10 (including)	1.9.10 (including)
Moodle	Moodle	1.9.11 (including)	1.9.11 (including)
Moodle	Moodle	1.9.12 (including)	1.9.12 (including)
Moodle	Moodle	1.9.13 (including)	1.9.13 (including)
Moodle	Moodle	1.9.14 (including)	1.9.14 (including)
Moodle	Moodle	2.0.0 (including)	2.0.0 (including)
Moodle	Moodle	2.0.1 (including)	2.0.1 (including)
Moodle	Moodle	2.0.2 (including)	2.0.2 (including)
Moodle	Moodle	2.0.3 (including)	2.0.3 (including)
Moodle	Moodle	2.0.4 (including)	2.0.4 (including)
Moodle	Moodle	2.0.5 (including)	2.0.5 (including)
Moodle	Moodle	2.1.0 (including)	2.1.0 (including)
Moodle	Moodle	2.1.1 (including)	2.1.1 (including)
Moodle	Moodle	2.1.2 (including)	2.1.2 (including)
Moodle	Ubuntu	hardy	*
Moodle	Ubuntu	lucid	*
Moodle	Ubuntu	maverick	*
Moodle	Ubuntu	natty	*
Moodle	Ubuntu	oneiric	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4587
CWE	https://cwe.mitre.org/data/definitions/255.html

Affected Software

References