Description

login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.

Remediation

References

CVE-2009-4302

Related Vulnerabilities

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.5.4)

WordPress Plugin AI ChatBot Arbitrary File Deletion (4.9.2)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3680)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Security Bypass (5.7.26)

Oracle HTTP Server CVE-2019-2751 Vulnerability (CVE-2019-2751)

Severity

Medium

Classification

CVE-2009-4302

Tags

Missing Update Known Vulnerabilities