Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability - CVE-2016-7038 - Vulnerability Database

Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability - CVE-2016-7038

High

Reference: CVE-2016-7038

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-7038

Title: Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability

Overview:

In Moodle 2.x and 3.x web service tokens are not invalidated when the user password is changed or forced to be changed.