CVE-2009-4300

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.

Published: Dec 16, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-4300
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
moodle / moodle	1.9.4	1.9.4.x
moodle / moodle	1.9.1	1.9.1.x
moodle / moodle	1.8.8	1.8.8.x
moodle / moodle	1.9.6	1.9.6.x
moodle / moodle	1.8.2	1.8.2.x
moodle / moodle	1.9.2	1.9.2.x
moodle / moodle	1.8.5	1.8.5.x
moodle / moodle	1.8.3	1.8.3.x
moodle / moodle	1.8.9	1.8.9.x
moodle / moodle	1.8.7	1.8.7.x
moodle / moodle	1.8.10	1.8.10.x
moodle / moodle	1.9.3	1.9.3.x
moodle / moodle	1.9.5	1.9.5.x
moodle / moodle	1.8.4	1.8.4.x
moodle / moodle	1.8.1	1.8.1.x

http://docs.moodle.org/en/Moodle_1.8.11_release_notes
http://docs.moodle.org/en/Moodle_1.9.7_release_notes
http://moodle.org/mod/forum/discuss.php?d=139105
http://secunia.com/advisories/37614
http://www.securityfocus.com/bid/37244
http://www.vupen.com/english/advisories/2009/3455
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html

Vulnerability Database

289,697

CVE-2009-4300