Summary
This host is running Moodle and is prone to a session fixation vulnerability.
Impact
Successful exploitation will allow remote attackers to conduct session fixation attacks.
Impact level: System/Application
Solution
Upgrade to the latest version, 1.9.8.
http://download.moodle.org/
Insight
The flaws exist due to:
- failure to enable 'Regenerate session id during login', which can be exploited to conduct session fixation attacks.
- creating new roles when restoring a course, which allows teachers to create new accounts if they do not have the 'moodle/user:create' capability.
Affected
Moodle version 1.8.12 and prior
Moodle version 1.9.x prior to 1.9.8
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-1613, CVE-2010-1616
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P