DescriptionMoodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
SUSE Timeline for this CVECVE page created: Fri Jun 28 07:17:18 2013
CVE page last modified: Thu Dec 7 12:49:02 2023