Description

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

Remediation

References

CVE-2011-4585

Related Vulnerabilities

WordPress Plugin YOP Poll Cross-Site Scripting (5.8.0)

WordPress Plugin Payment Gateways Caller for WP e-Commerce Local File Inclusion (0.1)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3313)

WordPress 5.8.x Multiple Vulnerabilities (5.8 - 5.8.4)

Severity

Medium

Classification

CVE-2011-4585

Tags

Missing Update Known Vulnerabilities