Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2012-3394 - Vulnerability Database
Moodle

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2012-3394

Medium
Reference: CVE-2012-3394
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-3394
Title: Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10 2.1.x before 2.1.7 2.2.x before 2.2.4 and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL which allows remote attackers to obtain sensitive information by sniffing the network.