Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-evtb-ua7c-3fed |
|---|
| Summary | Moodle Affected by Improper Restriction of Excessive Authentication Attempts
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts. |
|---|
| Aliases |
| 0 |
|
| 1 |
| alias |
GHSA-5cx4-w4fh-fr57 |
|
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@4.4.0-beta |
| purl |
pkg:composer/moodle/moodle@4.4.0-beta |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4uwn-m5xb-8ufn |
|
| 1 |
| vulnerability |
VCID-7r7p-pcsy-ubbj |
|
| 2 |
| vulnerability |
VCID-7xms-9t2c-vbbv |
|
| 3 |
| vulnerability |
VCID-7z2w-xpn7-gbhm |
|
| 4 |
| vulnerability |
VCID-aac8-q8g6-ebfw |
|
| 5 |
| vulnerability |
VCID-cf3k-pt7y-d3c9 |
|
| 6 |
| vulnerability |
VCID-eutz-ecg4-b3he |
|
| 7 |
| vulnerability |
VCID-evtb-ua7c-3fed |
|
| 8 |
| vulnerability |
VCID-ewey-azre-s3fh |
|
| 9 |
| vulnerability |
VCID-k45j-wnny-nfa2 |
|
| 10 |
| vulnerability |
VCID-mqj9-khvp-2yca |
|
| 11 |
| vulnerability |
VCID-qnbd-sejn-pfgp |
|
| 12 |
| vulnerability |
VCID-rh68-hatq-rqbr |
|
| 13 |
| vulnerability |
VCID-smgv-8j8r-1ba9 |
|
| 14 |
| vulnerability |
VCID-xxtt-z6tn-mqc5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.0-beta |
|
| 1 |
| url |
pkg:composer/moodle/moodle@4.5.0-beta |
| purl |
pkg:composer/moodle/moodle@4.5.0-beta |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2h6c-6mgm-akc2 |
|
| 1 |
| vulnerability |
VCID-4uwn-m5xb-8ufn |
|
| 2 |
| vulnerability |
VCID-7z2w-xpn7-gbhm |
|
| 3 |
| vulnerability |
VCID-a6w6-penj-kuds |
|
| 4 |
| vulnerability |
VCID-aac8-q8g6-ebfw |
|
| 5 |
| vulnerability |
VCID-de7j-3de2-s3ee |
|
| 6 |
| vulnerability |
VCID-eutz-ecg4-b3he |
|
| 7 |
| vulnerability |
VCID-evtb-ua7c-3fed |
|
| 8 |
| vulnerability |
VCID-ewey-azre-s3fh |
|
| 9 |
| vulnerability |
VCID-fcf4-tf5h-hfcr |
|
| 10 |
| vulnerability |
VCID-k45j-wnny-nfa2 |
|
| 11 |
| vulnerability |
VCID-qnbd-sejn-pfgp |
|
| 12 |
| vulnerability |
VCID-smgv-8j8r-1ba9 |
|
| 13 |
| vulnerability |
VCID-xxtt-z6tn-mqc5 |
|
| 14 |
| vulnerability |
VCID-ysax-7hvs-mkct |
|
| 15 |
| vulnerability |
VCID-zaff-9ezm-aba1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.0-beta |
|
| 2 |
| url |
pkg:composer/moodle/moodle@5.0.0-beta |
| purl |
pkg:composer/moodle/moodle@5.0.0-beta |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2h6c-6mgm-akc2 |
|
| 1 |
| vulnerability |
VCID-4uwn-m5xb-8ufn |
|
| 2 |
| vulnerability |
VCID-7z2w-xpn7-gbhm |
|
| 3 |
| vulnerability |
VCID-a6w6-penj-kuds |
|
| 4 |
| vulnerability |
VCID-aac8-q8g6-ebfw |
|
| 5 |
| vulnerability |
VCID-cghw-xbkf-juh9 |
|
| 6 |
| vulnerability |
VCID-de7j-3de2-s3ee |
|
| 7 |
| vulnerability |
VCID-eutz-ecg4-b3he |
|
| 8 |
| vulnerability |
VCID-evtb-ua7c-3fed |
|
| 9 |
| vulnerability |
VCID-ewey-azre-s3fh |
|
| 10 |
| vulnerability |
VCID-fcf4-tf5h-hfcr |
|
| 11 |
| vulnerability |
VCID-jcxv-jtyh-f7e9 |
|
| 12 |
| vulnerability |
VCID-k45j-wnny-nfa2 |
|
| 13 |
| vulnerability |
VCID-qnbd-sejn-pfgp |
|
| 14 |
| vulnerability |
VCID-smgv-8j8r-1ba9 |
|
| 15 |
| vulnerability |
VCID-xxtt-z6tn-mqc5 |
|
| 16 |
| vulnerability |
VCID-ysax-7hvs-mkct |
|
| 17 |
| vulnerability |
VCID-zaff-9ezm-aba1 |
|
| 18 |
| vulnerability |
VCID-zd4r-bn1p-27a5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.0-beta |
|
| 3 |
|
|
|---|
| References |
|
|---|
| Weaknesses |
| 0 |
| cwe_id |
307 |
| name |
Improper Restriction of Excessive Authentication Attempts |
| description |
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. |
|
| 1 |
| cwe_id |
937 |
| name |
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities |
| description |
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013. |
|
| 2 |
| cwe_id |
1035 |
| name |
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
| description |
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017. |
|
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 7.0 - 8.9 |
|---|
| Exploitability | 0.5 |
|---|
| Weighted_severity | 8.0 |
|---|
| Risk_score | 4.0 |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-evtb-ua7c-3fed |
|---|