A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.