CVE-2015-5267: Moodle uses predictable password-recovery tokens
CVSS Score: 7.5 (CVSS 3.0)
Basic Information
CVE ID: CVE-2015-5267
EPSS Score: 0.66552%
Published: 5/13/2022
Updated: 1/26/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
moodle/moodle | composer | < 2.7.10 | 2.7.10 |
moodle/moodle | composer | >= 2.8.0, < 2.8.8 | 2.8.8 |
moodle/moodle | composer | >= 2.9.0, < 2.9.2 | 2.9.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description explicitly states that random_string and complex_random_string in lib/moodlelib.php used mt_rand(), a non-cryptographic PRNG whose output is reproducible from its internal state. The commit diff confirms these functions were patched to replace mt_rand() with random_bytes_emulate(), and the CVE/NVD/GHSA references all attribute the weakness to this implementation. The functions' direct role in generating password-recovery tokens, and their dependency on mt_rand(), make them the vulnerable code points.
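To make the root cause concrete, here is an added PHP illustration (not Moodle's code) of a token generator built the way the advisory describes, next to a hardened version that draws from the OS CSPRNG; the function names and the character pool are assumptions for this example, and PHP's native random_bytes() stands in for the role Moodle's random_bytes_emulate() fills in the fix.

```php
<?php
// Added example for CVE-2015-5267; function names and pool are constructed here.
const TOKEN_POOL = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Weak pattern: each character is picked with mt_rand(), a Mersenne Twister
// PRNG. Its outputs are a deterministic function of its internal state, so a
// token built this way is not suitable as a password-recovery secret.
function weak_random_string(int $length = 15): string {
    $max = strlen(TOKEN_POOL) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= TOKEN_POOL[mt_rand(0, $max)];
    }
    return $out;
}

// Hardened pattern: bytes come from random_bytes() (PHP >= 7.0), which is
// backed by the operating system CSPRNG. Rejection sampling keeps the byte to
// character mapping uniform instead of introducing modulo bias.
function secure_random_string(int $length = 15): string {
    $poolSize = strlen(TOKEN_POOL);
    $limit = intdiv(256, $poolSize) * $poolSize; // largest multiple of poolSize <= 256
    $out = '';
    while (strlen($out) < $length) {
        $byte = ord(random_bytes(1));
        if ($byte >= $limit) {
            continue; // discard out-of-range bytes rather than wrapping them
        }
        $out .= TOKEN_POOL[$byte % $poolSize];
    }
    return $out;
}

// On the verifying side, compare the stored token with the presented one in
// constant time so the check does not leak how many leading bytes matched.
function reset_token_matches(string $stored, string $presented): bool {
    return hash_equals($stored, $presented);
}
```

Replacing the generator is the fix the advisory records; any tokens already issued by the weak version should be treated as expired when the patched code is deployed.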