Description
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Review Unspecified Vulnerability (5.2.1)
WordPress Plugin Facebook Like Box Multiple Vulnerabilities (2.9.1)
XOOPS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3822)
WordPress Plugin Lightweight Accordion Cross-Site Scripting (1.5.14)
WordPress Plugin Live Chat with Facebook Messenger Cross-Site Scripting (1.4.4)