A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to magic hash values.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Moodle | Moodle | * | 4.1.13 (excluding) |
Moodle | Moodle | 4.2.0 (including) | 4.2.10 (excluding) |
Moodle | Moodle | 4.3.0 (including) | 4.3.7 (excluding) |
Moodle | Moodle | 4.4.0 (including) | 4.4.3 (excluding) |