Vulnerability Bulletins

MSA-21-0034: Authentication bypass risk when using external database authentication


System information

   
Affected software: PHP

Description

by Michael Hawkins.

An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.

Severity/Risk: Serious
Versions affected: 3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions
Versions fixed: 3.11.3, 3.10.7 and 3.9.10
Reported by: Amit Eyal
CVE identifier: CVE-2021-40693
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71160
Tracker issue: MDL-71160

More info:

https://moodle.org/mod/forum/discuss.php?d=427105&parent=1719327

Standard identifiers

Property Value
CVE CVE-2021-40693

Version history

Version Comment Date
1.0 Advisory issued 2021-10-14
