CVE-2014-0214 : Detail

CVE-2014-0214

Authorization problems
A07-Identif. and Authent. Fail
0.62%V3
Network
2014-05-26
22h00 +00:00
2014-05-26
21h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics Score Severity CVSS Vector Source
V2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Products Mentioned

Configuraton 0

Moodle>>Moodle >> Version To (including) 2.3.11

Moodle>>Moodle >> Version 2.0.0

Moodle>>Moodle >> Version 2.0.1

Moodle>>Moodle >> Version 2.0.2

Moodle>>Moodle >> Version 2.0.3

Moodle>>Moodle >> Version 2.0.4

Moodle>>Moodle >> Version 2.0.5

Moodle>>Moodle >> Version 2.0.6

Moodle>>Moodle >> Version 2.0.7

Moodle>>Moodle >> Version 2.0.8

Moodle>>Moodle >> Version 2.0.9

Moodle>>Moodle >> Version 2.1.0

Moodle>>Moodle >> Version 2.1.1

Moodle>>Moodle >> Version 2.1.2

Moodle>>Moodle >> Version 2.1.3

Moodle>>Moodle >> Version 2.1.4

Moodle>>Moodle >> Version 2.1.5

Moodle>>Moodle >> Version 2.1.6

Moodle>>Moodle >> Version 2.1.7

Moodle>>Moodle >> Version 2.1.8

Moodle>>Moodle >> Version 2.1.9

Moodle>>Moodle >> Version 2.1.10

Moodle>>Moodle >> Version 2.2.0

Moodle>>Moodle >> Version 2.2.1

Moodle>>Moodle >> Version 2.2.2

Moodle>>Moodle >> Version 2.2.3

Moodle>>Moodle >> Version 2.2.4

Moodle>>Moodle >> Version 2.2.5

Moodle>>Moodle >> Version 2.2.6

Moodle>>Moodle >> Version 2.2.7

Moodle>>Moodle >> Version 2.2.8

Moodle>>Moodle >> Version 2.2.9

Moodle>>Moodle >> Version 2.2.10

Moodle>>Moodle >> Version 2.2.11

Moodle>>Moodle >> Version 2.3.0

Moodle>>Moodle >> Version 2.3.1

Moodle>>Moodle >> Version 2.3.2

Moodle>>Moodle >> Version 2.3.3

Moodle>>Moodle >> Version 2.3.4

Moodle>>Moodle >> Version 2.3.5

Moodle>>Moodle >> Version 2.3.6

Moodle>>Moodle >> Version 2.3.7

Moodle>>Moodle >> Version 2.3.8

Moodle>>Moodle >> Version 2.3.9

Moodle>>Moodle >> Version 2.3.10

Moodle>>Moodle >> Version 2.4.0

Moodle>>Moodle >> Version 2.4.1

Moodle>>Moodle >> Version 2.4.2

Moodle>>Moodle >> Version 2.4.3

Moodle>>Moodle >> Version 2.4.4

Moodle>>Moodle >> Version 2.4.5

Moodle>>Moodle >> Version 2.4.6

Moodle>>Moodle >> Version 2.4.7

Moodle>>Moodle >> Version 2.4.8

Moodle>>Moodle >> Version 2.4.9

Moodle>>Moodle >> Version 2.5.0

Moodle>>Moodle >> Version 2.5.1

Moodle>>Moodle >> Version 2.5.2

Moodle>>Moodle >> Version 2.5.3

Moodle>>Moodle >> Version 2.5.4

Moodle>>Moodle >> Version 2.5.5

Moodle>>Moodle >> Version 2.6.0

Moodle>>Moodle >> Version 2.6.1

Moodle>>Moodle >> Version 2.6.2

References

http://openwall.com/lists/oss-security/2014/05/19/1
Tags : mailing-list, x_refsource_MLIST