Unrated severityNVD Advisory· Published Dec 16, 2009· Updated Jun 16, 2026
CVE-2009-4304
CVE-2009-4304
Description
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.
Affected products
16cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
- (no CPE)range: <1.8.11, <1.9.7
Patches
Vulnerability mechanics
References
9- docs.moodle.org/en/Moodle_1.8.11_release_notesnvdPatch
- docs.moodle.org/en/Moodle_1.9.7_release_notesnvdPatch
- moodle.org/mod/forum/discuss.phpnvdPatchVendor Advisory
- www.securityfocus.com/bid/37244nvdPatch
- www.vupen.com/english/advisories/2009/3455nvdPatchVendor Advisory
- secunia.com/advisories/37614nvdVendor Advisory
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.htmlnvd
News mentions
0No linked articles in our index yet.