Description

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

Remediation

References

CVE-2009-4304

Related Vulnerabilities

Oracle Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2001-1371)

WordPress Plugin Affiliate PRO Cross-Site Scripting (1.3.1)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-1151)

WordPress Plugin Malware Finder Cross-Site Scripting (1.1)

WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)

Severity

High

Classification

CVE-2009-4304

Tags

Missing Update Known Vulnerabilities