Description

The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.

Remediation

References

CVE-2012-2357

Related Vulnerabilities

WordPress Plugin Ocean Extra PHP Object Injection (2.0.4)

WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting (1.2.5)

WordPress Plugin Job Manager Security Bypass (0.7.25)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3082)

Apache Tomcat Resource Management Errors Vulnerability (CVE-2011-4858)

Severity

Medium

Classification

CVE-2012-2357 CWE-200

Tags

Missing Update Known Vulnerabilities