CVE-2015-2272

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-06-01 19:59

Updated : 2024-02-28 15:21


NVD link : CVE-2015-2272

Mitre link : CVE-2015-2272

CVE.ORG link : CVE-2015-2272


JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-264

Permissions, Privileges, and Access Controls