Descriptionlogin/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2010:004, published Tue, 16 Feb 2010 11:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 07:06:49 2013
CVE page last modified: Fri Oct 7 12:45:51 2022