Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-4302

login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.

Related bugs and status

CVE-2009-4302 (Candidate) is related to these bugs:

Bug #523240: multiple security problems

Summary				In	Importance	Status
	523240	multiple security problems		moodle (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://docs.moodle.org...
CONFIRM: http://docs.moodle.org...
CONFIRM: http://moodle.org/mod/...
FEDORA: FEDORA-2009-13040
FEDORA: FEDORA-2009-13065
FEDORA: FEDORA-2009-13080
BID: 37244
SECUNIA: 37614
VUPEN: ADV-2009-3455