Description
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-44790)
MySQL CVE-2017-3331 Vulnerability (CVE-2017-3331)
WordPress Plugin WPGlobus Translate Options Cross-Site Scripting (2.1.0)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.7.7)
WordPress Plugin Share Posts To Email Cross-Site Scripting (1.0.2)