Description

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.

Remediation

References

CVE-2014-7845

Related Vulnerabilities

Dot CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3688)

MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-0372)

MySQL CVE-2021-2024 Vulnerability (CVE-2021-2024)

WordPress Plugin Tutor LMS-eLearning and online course solution Local File Inclusion (1.8.7)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0213)

Severity

High

Classification

CVE-2014-7845

Tags

Missing Update Known Vulnerabilities