Description

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

Remediation

References

CVE-2009-4304

Related Vulnerabilities

WordPress Plugin Business Directory-Easy Listing Directories for WordPress PHP Object Injection (4.1.14)

Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-10862)

Apache HTTP Server Other Vulnerability (CVE-2002-1156)

WordPress 4.4 Cross-Site Scripting Vulnerability (4.4)

WordPress Plugin Activity Log Information Disclosure (2.2.12)

Severity

High

Classification

CVE-2009-4304

Tags

Missing Update Known Vulnerabilities