Description

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

Remediation

References

CVE-2009-4304

Related Vulnerabilities

WordPress Plugin WebP Express Unspecified Vulnerability (0.14.21)

Oracle Database Server CVE-2006-1875 Vulnerability (CVE-2006-1875)

WordPress Plugin User Activity Log Multiple Cross-Site Scripting Vulnerabilities (1.4.6)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4573)

Magento Improper Input Validation Vulnerability (CVE-2019-7899)

Severity

High

Classification

CVE-2009-4304

Tags

Missing Update Known Vulnerabilities