Description
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sniplets Multiple Input Validation Vulnerabilities (1.2.2)
WordPress Plugin Acunetix Secure WordPress Cross-Site Scripting (3.0.3)
Oracle Application Server Other Vulnerability (CVE-2002-0566)
WordPress Plugin Affiliate Press Multiple Cross-Site Scripting Vulnerabilities (0.3.8)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.38)