Miggo Logo
Miggo Vulnerability Database
CVE-2021-40691

CVE-2021-40691: Moodle Improper Authentication

4.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-40691
GHSA ID
GHSA-92vh-mr2w-j2cr
EPSS Score
0.40286%
CWE
-
Published
9/30/2022
Updated
4/23/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 3.9, < 3.9.103.9.10
moodle/moodlecomposer>= 3.10, < 3.10.73.10.7
moodle/moodlecomposer>= 3.11, < 3.11.33.11.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability involves session hijack risk in Shibboleth authentication. Session hijacking typically occurs when session identifiers aren't properly invalidated/regenerated during authentication. Moodle's Shibboleth plugin's core authentication function (auth_shibboleth_authenticate_user_login) would be responsible for session management during login. The high confidence comes from: 1) Vulnerability context matching session management flaws, 2) Shibboleth authentication flow requiring secure session handling, and 3) Common patterns where session fixation vulnerabilities occur in authentication handlers that don't regenerate session IDs.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* s*ssion *ij**k risk w*s i**nti*i** in t** S*i**ol*t* *ut**nti**tion plu*in.

Reasoning

T** vuln*r**ility involv*s s*ssion *ij**k risk in S*i**ol*t* *ut**nti**tion. S*ssion *ij**kin* typi**lly o**urs w**n s*ssion i**nti*i*rs *r*n't prop*rly inv*li**t**/r***n*r*t** *urin* *ut**nti**tion. Moo*l*'s S*i**ol*t* plu*in's *or* *ut**nti**tion *