Description

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.

Remediation

References

CVE-2014-7845

Related Vulnerabilities

MySQL CVE-2020-2660 Vulnerability (CVE-2020-2660)

WordPress Plugin Email Before Download SQL Injection (3.6)

WordPress 4.4.x Cross-Domain Flash Injection Vulnerability (4.4 - 4.4.13)

WordPress Plugin WP-Lister Lite for Amazon Cross-Site Scripting (2.4.3)

Jboss EAP CVE-2018-1304 Vulnerability (CVE-2018-1304)

Severity

High

Classification

CVE-2014-7845

Tags

Missing Update Known Vulnerabilities