Vulnonym.com

CVE-2012-3394 - Convictive Turkey

Description

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.

Reference

http://openwall.com/lists/oss-security/2012/07/17/1
http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7
https://exchange.xforce.ibmcloud.com/vulnerabilities/76960
http://www.securityfocus.com/bid/54481
http://secunia.com/advisories/49890