CVE-2016-7038

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
References
Link Resource
http://www.securityfocus.com/bid/93174 Third Party Advisory VDB Entry
https://moodle.org/mod/forum/discuss.php?d=339631 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-20 08:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-7038

Mitre link : CVE-2016-7038

CVE.ORG link : CVE-2016-7038


JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password