Nixpkgs Security Tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Accepted
(browse all)
Permalink CVE-2024-45691
updated 1 year, 1 month ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year, 1 month ago
  • @LeSuisse accepted 1 year, 1 month ago
Moodle: lesson activity password bypass through php loose comparison

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.

Affected products

moodle
  • <4.2.10
  • <4.1.13
  • <4.3.7
  • <4.4.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers