CVE-2024-45691
MEDIUMMoodle < 4.1.13 - Password Bypass via Loose Comparison in Lesson Activity
Title source: llmDescription
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.
References (2)
Core 2
Core References
Vendor Advisory
https://moodle.org/security/
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2309940
Scores
CVSS v3
5.4
EPSS
0.0039
EPSS Percentile
60.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (2)
moodle/moodle
< 4.1.13
moodle/moodle
0 - 4.1.13Packagist
Published
Nov 20, 2024
Tracked Since
Feb 18, 2026