CVE-2024-45691

Medium

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less…

fedora·NVD-CWE-noinfo·Published 2024-11-20

CVSS

5.4

EPSS

0.00

KEV

Exploits

cve.orgen

261 chars

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.

NVDen

261 chars

OSV.deven

261 chars

GHSAen

261 chars

NVDes

332 chars

Se encontró una falla en Moodle. Al restringir el acceso a una actividad de lección con una contraseña, ciertas contraseñas podían ser ignoradas o menos seguras debido a una comparación poco precisa en la lógica de verificación de contraseñas. Este problema solo afectaba a las contraseñas configuradas con valores de "hash mágico".

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.4	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	cve.org	5.4	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	GHSA	5.4	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	NVD	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0	Secondary	GHSA	6.3	—	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N