Red Hat Bugzilla – Bug 1051999
CVE-2014-0008 moodle: some passwords visible in the config changes report (MSA-14-0001)
Last modified: 2015-08-22 11:37:16 EDT
Andrew Steele found that some password changes were visible in plain text to Administrators in the config changes report. This issue affected Moodle versions 2.6, 2.5 to 2.5.4, 2.4 to 2.4.7 and earlier unsupported versions. It has been fixed in versions 2.6.1, 2.5.4 and 2.4.8.
I have not checked if versions 1.9.19 in EPEL 5 is affected or not.
Created moodle tracking bugs for this issue:
Affects: fedora-all [bug 1055388]
Affects: epel-all [bug 1055390]