CVE-2010-1613

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://moodle.org/security/
http://www.vupen.com/english/advisories/2010/1107

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle:1.8.1:::::::*
	cpe:2.3:a:moodle:moodle:1.8.2:::::::*
	cpe:2.3:a:moodle:moodle:1.8.3:::::::*
	cpe:2.3:a:moodle:moodle:1.8.4:::::::*
	cpe:2.3:a:moodle:moodle:1.8.5:::::::*
	cpe:2.3:a:moodle:moodle:1.8.6:::::::*
	cpe:2.3:a:moodle:moodle:1.8.7:::::::*
	cpe:2.3:a:moodle:moodle:1.8.8:::::::*
	cpe:2.3:a:moodle:moodle:1.8.9:::::::*
	cpe:2.3:a:moodle:moodle:1.8.10:::::::*
	cpe:2.3:a:moodle:moodle:1.8.11:::::::*
	cpe:2.3:a:moodle:moodle:1.9.1:::::::*
	cpe:2.3:a:moodle:moodle:1.9.2:::::::*
	cpe:2.3:a:moodle:moodle:1.9.3:::::::*
	cpe:2.3:a:moodle:moodle:1.9.4:::::::*
	cpe:2.3:a:moodle:moodle:1.9.5:::::::*
	cpe:2.3:a:moodle:moodle:1.9.6:::::::*
	cpe:2.3:a:moodle:moodle:1.9.7:::::::*

History

No history.

Information

Published : 2010-04-29 21:30

Updated : 2023-12-10 11:03

NVD link : CVE-2010-1613

Mitre link : CVE-2010-1613

CVE.ORG link : CVE-2010-1613

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-287

Improper Authentication

{"id": "CVE-2010-1613", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-04-29T21:30:00.620", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://moodle.org/security/", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/1107", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the \"Regenerate session id during login\" setting by default, which makes it easier for remote attackers to conduct session fixation attacks."}, {"lang": "es", "value": "Moodle v1.8.x y v1.9.x anterior a v1.9.8 no habilita el \"Regenerate session id during login\" (regenerar id de sesi\u00f3n al acceder) como configuraci\u00f3n por defecto, lo cual facilita a los atacantes remotos realizar ataques de fijaci\u00f3n de sesi\u00f3n."}], "lastModified": "2020-12-01T14:43:53.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492A28FE-A2F8-4FF7-AC5B-0C3F5508506D"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28A897CA-3D8F-4575-BBD2-1C0C5A2ECC99"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4A3A5D9-D96E-46B3-AC22-25045564EB96"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF91F8EA-1737-4E11-9931-ACAFB4BC0018"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E81E148-5710-439C-8A1A-884D27640AAD"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B70465-F734-4C65-9790-0D83D03B7A16"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE2C0217-A25A-4D0A-8CC6-64DEBC9E198F"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7949FC50-81B9-44AD-BB1B-91D025B34FF6"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83AA5D08-CF62-45A8-A8FE-18F76BA8ECA5"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C61F076-71AC-4AEF-BECF-9EF0B05CEB77"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18A3C2C4-A1FE-422C-81DB-9E46035106FD"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24F2602B-8ED3-4026-A9A4-31BE8BDC7724"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F24649-B67F-4809-9F54-7B623AEF5A4A"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "291F73E9-1059-4E7F-860F-0DF2A35AA456"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EB5859E-0996-46B5-BB44-34BD6EACBCF5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}