Description
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.
Remediation
References
Related Vulnerabilities
WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)
ReviveAdserver Other Vulnerability (CVE-2016-9471)
OpenSSL Improper Authentication Vulnerability (CVE-2009-0591)
phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-4558)
WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO Security Bypass (2.1.9.7)