Description

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

Remediation

References

CVE-2011-4585

Related Vulnerabilities

Joomla Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2016-10033)

MySQL CVE-2018-2576 Vulnerability (CVE-2018-2576)

Oracle Database Server CVE-2009-1019 Vulnerability (CVE-2009-1019)

WordPress Plugin CM Table Of Contents Cross-Site Scripting (1.0.7)

WordPress Plugin Ad Blocker Notify Lite Cross-Site Scripting (2.4.0)

Severity

Medium

Classification

CVE-2011-4585

Tags

Missing Update Known Vulnerabilities