Red Hat Bugzilla – Bug 1264852
CVE-2015-5267 moodle: Vulnerability in password recovery mechanism (MSA-15-0034)
Last modified: 2015-09-21 07:41:52 EDT
A vulnerability in password recovery mechanism was found allowing to guess the password recovery token becasue of php randomization limitations. Affected versions are 2.9 to 2.9.1, 2.8 to 2.8.7, 2.7 to 2.7.9 and earlier unsupported versions.
*** This bug has been marked as a duplicate of bug 1264861 ***