CVE-2010-1613

Moodle < 1.9.8 - Authentication Bypass

Title source: rule

Description

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

References (3)

Scores

EPSS 0.0045
EPSS Percentile 63.2%

Classification

CWE
CWE-287
Status draft

Affected Products (19)

moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 4 more

Timeline

Published Apr 29, 2010
Tracked Since Feb 18, 2026