-
Bug
-
Resolution: Not a bug
-
Minor
-
None
-
3.8
-
None
-
MOODLE_38_STABLE
You might already by aware of this issue but I want it to report it anyway because it can cause great harm.
When you enter into a moodel web page a Cookie is downloaded with a random value which I presume is a session identifier.
By changing the value of the Cookie to a value of a currently active user it is possible to login as such user. It is not a permanent way of owning access to an account it only lasts until the Cookie expires but capturing new cookies usually is not hard, especially on school environments.
Video: https://drive.google.com/file/d/1gFaCzb-vXw3txUl3rzW31az__G_G0pDi/view?usp=sharing
At my school I was able of exploting this vulnerability by first executing an ARP poisoning attack redirecting the traffic to my computer, them using an sniffer I filtered the traffic to only look for frames containing cookies and that was it, I just had to wait for people to login.
- has a non-specific relationship to
-
MDL-52812 An user can enter with an admin role only copying valid sessionID from another computer with the same IP address.
- Closed