Blog: Vulnerability Advisory

Moodle e-Learning platform vulnerability

Andrew Tierney 01 Jun 2016

moodle

A recent engagement has caused us to look in more depth at previous vulnerabilities in the Moodle e-Learning platform. One particular issue, MSA-15-0034 concerns the predictability of password reset tokens. Frequently issues like this are difficult to exploit in real-world scenarios.

In this case however, this vulnerability is possible to exploit. An attacker can guess a password reset token, allowing them to change the password on any account in the system, including administrators.

A brief survey of publicly available instances of Moodle indicates that about 50% of them would be vulnerable to this exploit. This has been determined by enumerating the version of Moodle running, rather than any attempt to exploit the vulnerability.

We are disclosing the issue to the vendor. Although the vulnerability has been raised and fixed, it is clear that this has not filtered through to the operators of Moodle sites.

In the meantime, we recommend that you upgrade to the latest version of Moodle.