
CVE-2018-1082: Moodle Improper Authentication

CVSS Score: 8.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.80929%
Published: 5/13/2022
Updated: 4/23/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name    Ecosystem   Vulnerable Versions   First Patched Version
moodle/moodle   composer    >= 3.3, < 3.3.5       3.3.5
moodle/moodle   composer    >= 3.4, < 3.4.2       3.4.2

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The CVE description says that a Moodle account authenticating through OAuth2 that had been confirmed once could still log in after being suspended. In Moodle's architecture, enforcement of account status is delegated to the authentication plugins, so a plugin that validates the local account only at confirmation (linking) time, and not on every subsequent login, lets a later suspension go unenforced: the identity provider keeps vouching for the user, and nothing on the Moodle side re-checks the local record. The OAuth2 authentication plugin's user_authenticated_hook handles post-login user management; the commit referenced as MDL-60101 and the advisory discussion indicate that the fix added a suspended-status check to the OAuth2 authentication flow, so this hook is the most plausible place where the check was missing in the vulnerable versions, being the point at which the plugin acts on the local account after the provider has asserted the user's identity. When verifying a patched instance, confirm that a suspended OAuth2-linked account is actually rejected at login, not merely that the suspension is recorded on the user record.
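The pattern described above, as an added illustration that is not Moodle's code or its OAuth2 plugin: a simplified login-completion routine that trusts the identity provider's assertion plus the account's one-time confirmation, next to a version that re-checks the local account's suspended and deleted flags on every login. All names (LocalUser, find_linked_user, complete_login_vulnerable, complete_login_fixed, the issuer and subject values) are hypothetical, and the user records are constructed sample data.

```php
<?php
// Added illustration, not Moodle's code. Models the bug class in CVE-2018-1082:
// an external identity provider asserts "this is sub-1002", the local account
// was confirmed once, and the local suspended flag is never consulted again.
// Every name below is hypothetical.

declare(strict_types=1);

/** Minimal stand-in for a local user record; only the relevant fields. */
final class LocalUser {
    public function __construct(
        public string $username,
        public bool $confirmed,
        public bool $suspended,
        public bool $deleted,
    ) {}
}

/** Constructed sample data: the provider's "sub" claim mapped to a local account. */
const LINKED_LOGINS = [
    'issuer-a|sub-1001' => 'alice',   // active account
    'issuer-a|sub-1002' => 'bob',     // confirmed earlier, suspended later
];

/** Constructed sample user store (in-memory stand-in for the user table). */
function user_store(): array {
    return [
        'alice' => new LocalUser('alice', confirmed: true, suspended: false, deleted: false),
        'bob'   => new LocalUser('bob',   confirmed: true, suspended: true,  deleted: false),
    ];
}

/** Resolve a provider identity to the local account it was linked to, if any. */
function find_linked_user(string $issuer, string $sub): ?LocalUser {
    $username = LINKED_LOGINS["$issuer|$sub"] ?? null;
    return $username === null ? null : (user_store()[$username] ?? null);
}

/** Vulnerable pattern: relies on the provider's assertion plus one-time confirmation. */
function complete_login_vulnerable(string $issuer, string $sub): ?LocalUser {
    $user = find_linked_user($issuer, $sub);
    if ($user === null || !$user->confirmed) {
        return null;                 // never linked or never confirmed
    }
    return $user;                    // BUG: suspended/deleted are never checked
}

/** Hardened pattern: local account state is re-evaluated on every login. */
function complete_login_fixed(string $issuer, string $sub): ?LocalUser {
    $user = find_linked_user($issuer, $sub);
    if ($user === null || !$user->confirmed) {
        return null;
    }
    if ($user->suspended || $user->deleted) {
        return null;                 // provider says yes, local policy says no
    }
    return $user;
}

// Demo: bob was confirmed once and suspended afterwards.
foreach (['complete_login_vulnerable', 'complete_login_fixed'] as $fn) {
    $result = $fn('issuer-a', 'sub-1002');
    printf("%-26s bob -> %s\n", $fn, $result === null ? 'denied' : 'session created');
}
```

Run it with the `php` CLI: the vulnerable variant hands bob a session although his account is suspended, the fixed variant refuses him. The rule the bug violates is general: confirmation and account linking establish who a principal is, but authorization state (suspended, deleted, authentication method disabled) is mutable and has to be re-evaluated at every authentication, whatever the external provider asserts.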


WAF Protection Rules

WAF Rule

A flaw was found in Moodle 3.3 to 3.3.4, and 3.4 to 3.4.1. If a user account using the OAuth2 authentication method was once confirmed but later suspended, the user could still log in to the site.
