Description
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
Remediation
References
Related Vulnerabilities
OpenSSL Excessive Iteration Vulnerability (CVE-2023-3817)
WordPress Plugin Magic Fields Cross-Site Scripting (1.7.1)
WordPress Plugin Schema App Structured Data Unspecified Vulnerability (0.5.4)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)
Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2928)