In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 3.1.x prior to 3.1.2 are affected by a flaw that is due to the program failing to invalidate user tokens after a password change is performed. This may allow an attacker who had compromised a user's account to have their access persist after the password has been changed.

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 3.0.x prior to 3.0.6 are affected by a flaw that is due to the program failing to invalidate user tokens after a password change is performed. This may allow an attacker who had compromised a user's account to have their access persist after the password has been changed.

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.9.x prior to 2.9.8 are affected by a flaw that is due to the program failing to invalidate user tokens after a password change is performed. This may allow an attacker who had compromised a user's account to have their access persist after the password has been changed.

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.7.x prior to 2.7.16 are affected by a flaw that is due to the program failing to invalidate user tokens after a password change is performed. This may allow an attacker who had compromised a user's account to have their access persist after the password has been changed.

Marina Glancy reports :

- MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed.

ID	Name	Product	Family	Severity
9837	Moodle 3.1.x < 3.1.2 Authentication Bypass	Nessus Network Monitor	CGI	low
9835	Moodle 3.0.x < 3.0.6 Authentication Bypass	Nessus Network Monitor	CGI	low
9833	Moodle 2.9.x < 2.9.8 Authentication Bypass	Nessus Network Monitor	CGI	low
9831	Moodle 2.7.x < 2.7.16 Authentication Bypass	Nessus Network Monitor	CGI	low
94903	FreeBSD : moodle -- multiple vulnerabilities (ab02f981-ab9e-11e6-ae1b-002590263bf5)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2016-7038

high

Tenable Plugins

low

low

low

low

high