Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37320

MD5 Codification for Passwords and Sessions Folder

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not a bug
    • Affects Version/s: 2.4
    • Fix Version/s: None
    • Component/s: Authentication, Libraries
    • Labels:
    • Affected Branches:
      MOODLE_24_STABLE

      Description

      There's a big issue regarding MD5 codification for passwords and username that can be searchable on google related to Sessions folder. Any one with a little knowlegde in hacking could get relevant data from users and just have to wait until the admin is logging in and having some time connected to get it's pass.

      Just google:
      inurl:/sessions/ intext:"8:password"

      inurl:"/admin/index.php" intitle:installation

      It affects all versions.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              poltawski Dan Poltawski
              Reporter:
              fazhenlocken Fazhen Locken
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: