Description

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

Remediation

References

CVE-2009-4304

Related Vulnerabilities

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13663)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.38)

WordPress Plugin Event Espresso 4 Decaf-Event Registration Event Ticketing Cross-Site Request Forgery (4.10.11.decaf)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37914)

Severity

High

Classification

CVE-2009-4304

Tags

Missing Update Known Vulnerabilities