CVE-2015-5267: Moodle uses predictable password-recovery tokens

CVSS Score (v3.0): 7.5

Basic Information

EPSS Score: 0.66552%
Published: 5/13/2022
Updated: 1/26/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name    Ecosystem   Vulnerable Versions   First Patched Version
moodle/moodle   composer    < 2.7.10              2.7.10
moodle/moodle   composer    >= 2.8.0, < 2.8.8     2.8.8
moodle/moodle   composer    >= 2.9.0, < 2.9.2     2.9.2

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability description explicitly states that random_string and complex_random_string in lib/moodlelib.php used mt_rand(), a non-cryptographic PRNG. The commit diff confirms these functions were patched to replace mt_rand() with random_bytes_emulate(), and the CVE/NVD/GHSA references all attribute the weakness to this implementation. The functions' direct role in token generation and their dependency on mt_rand() make them the clear vulnerable points.
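An added illustration of the weakness described above, written in PHP for this page (it is not Moodle's lib/moodlelib.php or its random_bytes_emulate()): the mt_rand()-based token generator beside one drawn from PHP's CSPRNG via random_int(), plus a small source-audit helper that flags the non-cryptographic calls the fix removed. Function names and the sample source are assumptions.

```php
<?php
// Illustrative code for this page, not Moodle's implementation.
const TOKEN_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Weak pattern from the root-cause analysis: mt_rand() is a Mersenne Twister.
// Its output is statistically uniform but not unpredictable, so a token built
// from it is unsuitable for password recovery.
function weak_random_string(int $length = 15): string {
    $max = strlen(TOKEN_ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= TOKEN_ALPHABET[mt_rand(0, $max)];   // non-cryptographic PRNG
    }
    return $out;
}

// Hardened form: random_int() (PHP >= 7.0) reads the OS CSPRNG, which is the
// property the Moodle fix restored when it stopped using mt_rand().
function secure_random_string(int $length = 15): string {
    $max = strlen(TOKEN_ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= TOKEN_ALPHABET[random_int(0, $max)];   // CSPRNG-backed
    }
    return $out;
}

// Audit helper (assumed name): report mt_rand()/rand()/srand() calls in a PHP
// source string with their line numbers, so a code review can spot the pattern.
function find_weak_prng_calls(string $source): array {
    preg_match_all('/\b(mt_rand|mt_srand|rand|srand)\s*\(/', $source, $m, PREG_OFFSET_CAPTURE);
    $hits = [];
    foreach ($m[1] as [$fn, $offset]) {
        $line = substr_count(substr($source, 0, $offset), "\n") + 1;
        $hits[] = ['function' => $fn, 'line' => $line];
    }
    return $hits;
}

// Constructed sample: a file that still carries the weak call on line 3.
$sample = "<?php\nfunction random_string(\$len) {\n    return mt_rand(0, 9);\n}\n";
foreach (find_weak_prng_calls($sample) as $hit) {
    printf("weak PRNG call %s() at line %d\n", $hit['function'], $hit['line']);
}
echo "secure token: ", secure_random_string(), "\n";
```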
