Home > Vulnerability Database > CVE-2011-4587

Mend.io Vulnerability Database

CVE-2011-4587

Good to know:

Date: July 20, 2012

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Language: PHP

Severity Score

5.6

Related Resources (6)

Url: http://moodle.org/mod/forum/discuss.php?d=191755

Url: https://bugzilla.redhat.com/show_bug.cgi?id=761248

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-4587

Url: http://www.debian.org/security/2012/dsa-2421

Url: http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e079e82c087becf06d902089d14f3f76686bde19

Url: https://www.mend.io/vulnerability-database/CVE-2011-4587

Severity Score

5.6

Weakness Type (CWE)

Credentials Management

CWE-255

Top Fix

Upgrade Version

Upgrade to version v1.9.15,v2.0.6,v2.1.3

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-4587

Good to know:

Date: July 20, 2012

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?