Description

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.

Remediation

References

CVE-2014-7845

Related Vulnerabilities

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-2666)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4301)

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-5095)

WordPress Plugin Doctor Appointment Booking Multiple Vulnerabilities (1.0.0)

WordPress Plugin CM Pop-Up banners for WordPress SQL Injection (1.5.10)

Severity

High

Classification

CVE-2014-7845

Tags

Missing Update Known Vulnerabilities