Unrated severityNVD Advisory· Published Dec 16, 2009· Updated Jun 16, 2026
CVE-2009-4302
CVE-2009-4302
Description
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.
Affected products
16cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
- (no CPE)range: >=1.8 <1.8.11 or >=1.9 <1.9.7
Patches
Vulnerability mechanics
References
9- docs.moodle.org/en/Moodle_1.8.11_release_notesnvdPatch
- docs.moodle.org/en/Moodle_1.9.7_release_notesnvdPatch
- moodle.org/mod/forum/discuss.phpnvdPatchVendor Advisory
- www.securityfocus.com/bid/37244nvdPatch
- www.vupen.com/english/advisories/2009/3455nvdPatchVendor Advisory
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.htmlnvdPatch
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.htmlnvdPatch
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.htmlnvdPatch
- secunia.com/advisories/37614nvdVendor Advisory
News mentions
0No linked articles in our index yet.