Total vulnerabilities in the database
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.
| Software | From | Fixed in |
|---|---|---|
| moodle / moodle | 2.1.2 | 2.1.2.x |
| moodle / moodle | 2.1.1 | 2.1.1.x |
| moodle / moodle | 2.1.5 | 2.1.5.x |
| moodle / moodle | 2.1.3 | 2.1.3.x |
| moodle / moodle | 2.1.4 | 2.1.4.x |
| moodle / moodle | 2.1.0 | 2.1.0.x |
| moodle / moodle | 2.2.2 | 2.2.2.x |
| moodle / moodle | 2.2.1 | 2.2.1.x |
| moodle / moodle | 2.2.0 | 2.2.0.x |