GHSA-j3x5-cwfj-pfcw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-j3x5-cwfj-pfcw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j3x5-cwfj-pfcw/GHSA-j3x5-cwfj-pfcw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-j3x5-cwfj-pfcw
- Aliases
-
- CVE-2011-4287
- Published
- 2022-05-13T01:13:17Z
- Modified
- 2025-04-12T02:57:06.968848Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Moodle does not force password changes for autosubscribed users
- Details
-
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.
- Database specific
{ "nvd_published_at": "2012-07-16T10:28:00Z", "cwe_ids": [ "CWE-263" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-12T02:35:07Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-4287
- http://git.moodle.org
- http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=22a77963439e00441949440f0517135b3a5418da
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da
- http://moodle.org/mod/forum/discuss.php?d=175588
- http://openwall.com/lists/oss-security/2011/11/14/1
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle