Vulnerability Bulletins

MSA-21-0034: Authentication bypass risk when using external database authentication


System information

   
Affected software: PHP

Description

By Michael Hawkins.

An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.

Severity/Risk: Serious
Versions affected: 3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions
Versions fixed: 3.11.3, 3.10.7 and 3.9.10
Reported by: Amit Eyal
CVE identifier: CVE-2021-40693
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71160
Tracker issue: MDL-71160

More info:

https://moodle.org/mod/forum/discuss.php?d=427105&parent=1719327

Standard resources

Property Value
CVE CVE-2021-40693.

Version history

Version Comments Date
1.0 Advisory issued 2021-10-14
CCN-CERT