Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Credentials Management Errors Vulnerability (CVE-2012-0794)

Description

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Mail Logging Cross-Site Scripting (1.11.1)

SharePoint Use After Free Vulnerability (CVE-2025-49703)

WordPress Plugin TweetScribe Cross-Site Request Forgery (1.1)

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-27556)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0114)

Severity

Medium

Classification

CVE-2012-0794

Tags

Missing Update Known Vulnerabilities