Description
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4301)
OpenSSL Cryptographic Issues Vulnerability (CVE-2011-5095)
WordPress Plugin Doctor Appointment Booking Multiple Vulnerabilities (1.0.0)
WordPress Plugin CM Pop-Up banners for WordPress SQL Injection (1.5.10)