Moodle MNET Authentication Impersonation Vulnerability

Moodle MNET Authentication Impersonation Vulnerability

CVE-2011-4584 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

Learn more about our User Device Pen Test.