CVE-2011-4287 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2011-4287

CVE-2011-4287

July 16, 2012

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

Related Resources (6)

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=22a77963439e00441949440f0517135b3a5418da

http://git.moodle.org

https://nvd.nist.gov/vuln/detail/CVE-2011-4287

http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da

http://moodle.org/mod/forum/discuss.php?d=175588

http://openwall.com/lists/oss-security/2011/11/14/1

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

PRESENT

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

UNREPORTED

CVSS v3

Base Score:

5.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

CVSS v2

Base Score:

6.8

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

Weakness Type (CWE)

Password Aging with Long Expiration

CWE-263

EPSS

Base Score:

0.48

Products

Solutions

Resources

Company

Compare

Developer Tools