Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-14584 META: NTLM problems
  3. MDL-14480

NTLM Authentication - Possible Exploit

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Not a bug
    • Affects Version/s: 1.9
    • Fix Version/s: 1.9.1
    • Component/s: Authentication
    • Labels:
      None
    • Environment:
      All
    • Database:
      Any
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      When using the NTLM Authentication Plug in, it is possible to log in as any member signed up on that instillation by using a HTTP header modification program, such that can be installed into Firefox. And changing the authorization to a Base64 encoded version of the username for which you wish to access.

        Attachments

          Activity

            People

            Assignee:
            danmarsden Dan Marsden
            Reporter:
            cyberw Andy B
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              15/May/08