MSA-21-0034: Authentication bypass risk when using external database authentication
|
System information
|
|
|
Affected software |
PHP |
Description
|
by Michael Hawkins. An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.Severity/Risk:SeriousVersions affected:3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versionsVersions fixed:3.11.3, 3.10.7 and 3.9.10Reported by:Amit EyalCVE identifier:CVE-2021-40693Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71160Tracker issue:MDL-71160
More info:
https://moodle.org/mod/forum/discuss.php?d=427105&parent=1719327 |
Standar resources
|
Property |
Value |
CVE |
CVE-2021-40693. |