Bypassing Validation in MNET XMLRPC Client in Moodle 1.9.x, 2.0.x, and 2.1.x

Bypassing Validation in MNET XMLRPC Client in Moodle 1.9.x, 2.0.x, and 2.1.x

CVE-2011-4302 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

Learn more about our Web Application Penetration Testing UK.