Description
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
References (6)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=252414
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2014/01/20/1
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029647
Scores
EPSS
0.0042
EPSS Percentile
62.3%
Details
CWE
CWE-255
Status
published
Products (25)
moodle/moodle 2.5.0
moodle/moodle 2.5.1
moodle/moodle 2.5.2
moodle/moodle 2.5.3
moodle/moodle 2.6.0
moodle/moodle 2.4.0
moodle/moodle 2.4.1
moodle/moodle 2.4.2
moodle/moodle 2.4.3
moodle/moodle 2.4.4
... and 15 more
Published
Jan 20, 2014
Tracked Since
Feb 18, 2026