Launchpad CVE tracker

CVE 2011-4587

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Related bugs and status

CVE-2011-4587 (Candidate) is related to these bugs:

Bug #981920: Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes

		In	Importance	Status
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu)	Undecided	Fix Released
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu Precise)	Undecided	Fix Released
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu Oneiric)	Undecided	Won't Fix
981920	Sync moodle 1.9.9.dfsg2-6 (universe) from Debian unstable, security & l10 fixes	moodle (Ubuntu Natty)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-4587

References