Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2016-7038)
Description
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
Looking for the vulnerability index of Invicti's legacy products?