CVE Vulnerabilities

CVE-2011-4590

Improper Authentication

Published: Jul 20, 2012 | Modified: Dec 01, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 2.0.0 (including) 2.0.0 (including)
Moodle Moodle 2.0.1 (including) 2.0.1 (including)
Moodle Moodle 2.0.2 (including) 2.0.2 (including)
Moodle Moodle 2.0.3 (including) 2.0.3 (including)
Moodle Moodle 2.0.4 (including) 2.0.4 (including)
Moodle Moodle 2.0.5 (including) 2.0.5 (including)
Moodle Ubuntu hardy *
Moodle Ubuntu lucid *
Moodle Ubuntu maverick *
Moodle Ubuntu natty *
Moodle Ubuntu oneiric *

Potential Mitigations

References