-
Bug
-
Resolution: Not a bug
-
Critical
-
None
-
2.4
-
MOODLE_24_STABLE
There's a big issue regarding MD5 codification for passwords and username that can be searchable on google related to Sessions folder. Any one with a little knowlegde in hacking could get relevant data from users and just have to wait until the admin is logging in and having some time connected to get it's pass.
Just google:
inurl:/sessions/ intext:"8:password"
inurl:"/admin/index.php" intitle:installation
It affects all versions.
- has a non-specific relationship to
-
MDL-35332 Improve security of hashed passwords
-
- Closed
-