Session Key Disclosure in Moodle 2.0.x and 2.1.x

Session Key Disclosure in Moodle 2.0.x and 2.1.x

CVE-2012-0799 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.

Learn more about our Web Application Penetration Testing UK.