Description

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

Remediation

References

CVE-2009-4304

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-0107)

WordPress Plugin Abandoned Cart Recovery for WooCommerce Cross-Site Request Forgery (1.0.4)

WordPress Plugin Custom Post Type Relations Cross-Site Scripting (1.0)

MySQL CVE-2019-2968 Vulnerability (CVE-2019-2968)

Oracle Database Server CVE-2007-5509 Vulnerability (CVE-2007-5509)

Severity

High

Classification

CVE-2009-4304

Tags

Missing Update Known Vulnerabilities