Launchpad CVE tracker

CVE 2011-4585

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

Related bugs and status

CVE-2011-4585 (Candidate) is related to these bugs:

Bug #981920: Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes

		In	Importance	Status
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu)	Undecided	Fix Released
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu Precise)	Undecided	Fix Released
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu Oneiric)	Undecided	Won't Fix
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu Natty)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-4585

References