CVE-2009-4300

NameCVE-2009-4300
DescriptionMultiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2115-1
Debian Bugs559531

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moodlesourcelenny1.8.13-1DSA-2115-1
moodlesource(unstable)1.9.8-1559531

Notes

[lenny] - moodle <no-dsa> (Minor issue)
[etch] - moodle <no-dsa> (Minor issue)
MSA-09-0025
Search for package or bug name: Reporting problems