CVE-2012-3394
Moodle 2.0.x-2.0.10, 2.1.x-2.1.7, 2.2.x-2.2.4, 2.3.x-2.3.1 - Sensitive Info Exposure via LDAP Redirect
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.
References (5)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/76960
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/49890
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2012/07/17/1
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/54481
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7
Scores
EPSS: 0.0043
EPSS Percentile: 63.0%
Details
CWE: CWE-200
Status: published
Products (12)
moodle/moodle 2.1.0
moodle/moodle 2.1.1
moodle/moodle 2.1.2
moodle/moodle 2.1.3
moodle/moodle 2.1.4
moodle/moodle 2.1.5
moodle/moodle 2.1.6
moodle/moodle 2.2.0
moodle/moodle 2.2.1
moodle/moodle 2.2.2
... and 2 more
Published: Jul 23, 2012
Tracked Since: Feb 18, 2026