Description

The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.

Remediation

References

CVE-2012-2357

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2018-8022)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13965)

Nginx Out-of-bounds Write Vulnerability (CVE-2022-41741)

WordPress Incorrect Default Permissions Vulnerability (CVE-2011-1762)

GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)

Severity

Medium

Classification

CVE-2012-2357 CWE-200

Tags

Missing Update Known Vulnerabilities