Moodle MNET Authentication Impersonation Vulnerability
CVE-2011-4584 · MEDIUM Severity
AV:N/AC:L/AU:S/C:N/I:P/A:N
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.
Learn more about our User Device Pen Test.