CVE-2009-4303

NameCVE-2009-4303
DescriptionMoodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1986-1
NVD severitymedium (attack range: remote)
Debian Bugs559531

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moodlesource(unstable)1.8.2.dfsg-6medium559531
moodlesourcelenny1.8.2.dfsg-3+lenny3mediumDSA-1986-1

Notes

MSA-09-0028

Search for package or bug name: Reporting problems