login/change_password.php in Moodle 1.9.x prior to 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote malicious users to obtain credentials by sniffing the network.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 1.9.4 |
||
moodle moodle 1.9.1 |
||
moodle moodle 1.9.6 |
||
moodle moodle 1.9.9 |
||
moodle moodle 1.9.11 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.9.12 |
||
moodle moodle 1.9.10 |
||
moodle moodle 1.9.3 |
||
moodle moodle 1.9.13 |
||
moodle moodle 1.9.5 |
||
moodle moodle 1.9.14 |
||
moodle moodle 1.9.8 |
||
moodle moodle 1.9.7 |