An information disclosure flaw was found in the way Moodle, a course management system, stored WebDav repository password (it was stored in plaintext on repository configuration form). A remote attacker (logged in as Moodle administrator user) could use this flaw to obtain sensitive information. References: [1] http://www.openwall.com/lists/oss-security/2013/03/25/2 Relevant upstream patch: [3] http://git.moodle.org/gw?p=moodle.git;a=commit;h=ce96f23fe15ce6addc2f56af015452c3ea406190
This issue affects the versions of the moodle package, as shipped with Fedora release of 18, 17, and Fedora EPEL-6. Please schedule an update. -- This issue did NOT affect the version of the moodle package, as shipped with Fedora EPEL-5.
Created moodle tracking bugs for this issue Affects: fedora-18 [bug 927264]
Created moodle tracking bugs for this issue Affects: fedora-17 [bug 927267]
Created moodle tracking bugs for this issue Affects: epel-6 [bug 927273]