Description
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.
Remediation
References
Related Vulnerabilities
ownCloud Uncontrolled Resource Consumption Vulnerability (CVE-2017-5867)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2889)
WordPress Plugin Google Analytics Dashboard SQL Injection (2.0.4)
Moodle Improper Privilege Management Vulnerability (CVE-2017-7532)
WordPress Plugin Master Slider-Responsive Touch Slider Cross-Site Scripting (2.7.1)