Description
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.
Remediation
References
Related Vulnerabilities
Plone CMS CVE-2011-2528 Vulnerability (CVE-2011-2528)
WordPress Plugin Real-Time Find and Replace Cross-Site Request Forgery (3.9)
Oracle JRE CVE-2017-10348 Vulnerability (CVE-2017-10348)
MySQL CVE-2012-1689 Vulnerability (CVE-2012-1689)
WordPress Plugin WPtouch Multiple Cross-Site Scripting Vulnerabilities (3.7.3)