Detections
Analytics

CVE-2014-0008

medium

Description

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

References

https://moodle.org/mod/forum/discuss.php?d=252414

http://www.securitytracker.com/id/1029647

http://openwall.com/lists/oss-security/2014/01/20/1

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721

Details

Source: Mitre, NVD

Published: 2014-01-20

Updated: 2020-12-01

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Severity: Medium