CVE-2024-45691 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-45691

CVE-2024-45691

November 20, 2024

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.

Related Resources (7)

https://bugzilla.redhat.com/show_bug.cgi?id=2309940

https://github.com/moodle/moodle

https://nvd.nist.gov/vuln/detail/CVE-2024-45691

https://moodle.org/security/

https://github.com/moodle/moodle/commit/3fc1073d304f660d2552b591c5fb92547ed01e92

https://moodle.org/security

https://moodle.org/mod/forum/discuss.php?d=461897#p1854494

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Authentication Bypass by Alternate Name

CWE-289

Improper Authorization

CWE-285

EPSS

Base Score:

0.29

Products

Solutions

Resources

Company

Compare

Developer Tools