Description
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.
Remediation
References
Related Vulnerabilities
WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4898)
WordPress Plugin twitterDash Cross-Site Request Forgery (2.1)
WordPress Plugin WR ContactForm SQL Injection (1.1.9)
WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)