Vulnerabilidad en Moodle (CVE-2009-4304)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-255
Gestión de credenciales
Fecha de publicación:
16/12/2009
Última modificación:
09/04/2025
Descripción
Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 no utiliza variación aleatorio de contraseñas en config.php, lo que hace mas facil para los atacantes dirigir un ataque de fuerza bruta contra la contraseña.
Impacto
Puntuación base 2.0
7.50
Gravedad 2.0
ALTA
Productos y versiones vulnerables
CPE | Desde | Hasta |
---|---|---|
cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://moodle.org/mod/forum/discuss.php?d=139111
- http://secunia.com/advisories/37614
- http://www.securityfocus.com/bid/37244
- http://www.vupen.com/english/advisories/2009/3455
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html
- http://docs.moodle.org/en/Moodle_1.8.11_release_notes
- http://docs.moodle.org/en/Moodle_1.9.7_release_notes
- http://moodle.org/mod/forum/discuss.php?d=139111
- http://secunia.com/advisories/37614
- http://www.securityfocus.com/bid/37244
- http://www.vupen.com/english/advisories/2009/3455
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html