Description
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Multi-Step Forms Security Bypass (3.0.8)
Moodle Improper Input Validation Vulnerability (CVE-2006-4936)
Apache Traffic Server Always-Incorrect Control Flow Implementation Vulnerability (CVE-2025-58136)
Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)