CVE-2011-4584
Moodle 1.9.x < 1.9.15, 2.0.x < 2.0.6, 2.1.x < 2.1.3 - Authenticated User Impersonation via MNET Login As Feature
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.
References (4)
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=761248
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=10df8657c1c138c0d0ab1d4796c552fcec0c299b
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2012/dsa-2421
Vendor Advisory (x_refsource_confirm): http://moodle.org/mod/forum/discuss.php?d=191751
Scores
EPSS: 0.0024
EPSS Percentile: 46.9%
Details
CWE: CWE-264
Status: published
Products (23)
moodle/moodle: 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10
... and 13 more
Published: Jul 20, 2012
Tracked Since: Feb 18, 2026