Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37320

MD5 Codification for Passwords and Sessions Folder

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not a bug
    • Affects Version/s: 2.4
    • Fix Version/s: None
    • Component/s: Authentication, Libraries
    • Labels:
    • Affected Branches:
      MOODLE_24_STABLE

      Description

      There's a big issue regarding MD5 codification for passwords and username that can be searchable on google related to Sessions folder. Any one with a little knowlegde in hacking could get relevant data from users and just have to wait until the admin is logging in and having some time connected to get it's pass.

      Just google:
      inurl:/sessions/ intext:"8:password"

      inurl:"/admin/index.php" intitle:installation

      It affects all versions.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: