CVE-2011-4587
Moodle 1.9.x < 1.9.15, 2.0.x < 2.0.6, 2.1.x < 2.1.3 - Account Access via Blank Passwords Accepted Under a Zero-Valued Password Policy
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy settings. This makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have blank passwords which cannot be changed. Fixed in 1.9.15, 2.0.6 and 2.1.3 (the patch is the moodle.git commit linked below); Debian shipped the fix in DSA-2421. Administrators of affected versions should upgrade and audit for accounts whose password is blank.
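The record above describes the failure class but not the mechanism. The following PHP snippet is an added illustration of how a "zero value" in a password policy can be mis-evaluated; it is not Moodle's code and is not taken from the linked commit. The config keys (`passwordpolicy`, `minpasswordlength`) and function names are hypothetical, chosen only to mirror the shape of a typical PHP policy check.

```php
<?php
// Added illustration of CWE-255-style mishandling of a zero policy value.
// NOT Moodle's code: config keys and function names here are assumptions.

// Buggy pattern: empty(0) is true in PHP, so a configured minimum length of 0
// is indistinguishable from "no policy configured" and every password,
// including the empty string, is accepted.
function check_password_policy_buggy(string $password, array $cfg): bool
{
    if (empty($cfg['minpasswordlength'])) {
        return true; // treated as "policy disabled"
    }
    return strlen($password) >= (int) $cfg['minpasswordlength'];
}

// Hardened pattern: test the explicit on/off flag rather than the numeric
// value, use isset() so 0 survives as a real number, and never accept an
// empty password regardless of policy settings.
function check_password_policy_fixed(string $password, array $cfg): bool
{
    if ($password === '') {
        return false; // blank credentials are never acceptable for login accounts
    }
    if (empty($cfg['passwordpolicy'])) {
        return true; // policy explicitly disabled; other checks still apply
    }
    $min = isset($cfg['minpasswordlength']) ? (int) $cfg['minpasswordlength'] : 0;
    return strlen($password) >= $min;
}

// Constructed sample configuration: policy enabled with a zero minimum length.
$cfg = ['passwordpolicy' => true, 'minpasswordlength' => 0];

foreach (['', 'x', 'correct horse'] as $candidate) {
    printf(
        "%-15s buggy=%s fixed=%s\n",
        var_export($candidate, true),
        check_password_policy_buggy($candidate, $cfg) ? 'accept' : 'reject',
        check_password_policy_fixed($candidate, $cfg) ? 'accept' : 'reject'
    );
}
```

Run with `php policy.php`: the buggy check accepts the empty string when the minimum length is 0, the fixed check rejects it while still honouring the configured minimum for non-empty input. When auditing a PHP code base for this class of bug, grep for `empty(` applied to numeric settings and confirm that 0 is never conflated with "unset".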
References (4)
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=761248
Vendor Advisory (x_refsource_confirm): http://moodle.org/mod/forum/discuss.php?d=191755
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2012/dsa-2421
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e079e82c087becf06d902089d14f3f76686bde19
Scores
EPSS: 0.0067 (percentile 71.5%)
Details
CWE: CWE-255 (Credentials Management Errors)
Status: published
Products (23)
moodle/moodle: 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, ... and 13 more
Published: Jul 20, 2012
Tracked Since: Feb 18, 2026