CVE-2011-4584 - Harmonic Slate

Description

The MNET authentication functionality in Moodle 1.9.x before 1.9.15 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability as demonstrated by a Mahara site.

Reference

http://moodle.org/mod/forum/discuss.php?d=191751 https://bugzilla.redhat.com/show_bug.cgi?id=761248 http://git.moodle.org/gw?p=moodle.git;a=commit;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b http://www.debian.org/security/2012/dsa-2421