Miggo Logo
Miggo Vulnerability Database
CVE-2021-40693

CVE-2021-40693: Moodle type juggling vulnerability

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-40693
GHSA ID
GHSA-2jxg-mv2m-j4r7
EPSS Score
0.24573%
CWE
CWE-287
Published
9/30/2022
Updated
4/23/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 3.9, < 3.9.103.9.10
moodle/moodlecomposer>= 3.10, < 3.10.73.10.7
moodle/moodlecomposer>= 3.11, < 3.11.33.11.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper type handling during external database authentication. PHP's type juggling in comparisons can cause '0e1234' (hash) == 0 (integer input) to evaluate as true. The auth/db/auth.php's user_login method would be responsible for fetching and comparing external DB credentials, making it the most likely location for this vulnerability. While direct commit references aren't available, the CWE-287 context and Moodle's authentication architecture strongly support this conclusion.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n *ut**nti**tion *yp*ss risk w*s i**nti*i** in t** *xt*rn*l **t***s* *ut**nti**tion *un*tion*lity, *u* to * typ* ju**lin* vuln*r**ility.

Reasoning

T** vuln*r**ility st*ms *rom improp*r typ* **n*lin* *urin* *xt*rn*l **t***s* *ut**nti**tion. P*P's typ* ju**lin* in *omp*risons **n **us* '******' (**s*) == * (int***r input) to *v*lu*t* *s tru*. T** `*ut*/**/*ut*.p*p`'s us*r_lo*in m*t*o* woul* ** r*