Miggo Logo
Miggo Vulnerability Database
CVE-2024-34009

CVE-2024-34009: Moodle ReCAPTCHA can be bypassed on the login page

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-34009
GHSA ID
GHSA-gwf6-q6c2-94p3
EPSS Score
0.47324%
CWE
CWE-20
Published
5/31/2024
Updated
8/2/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 4.3.0, < 4.3.44.3.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability specifically affects the login page's ReCAPTCHA implementation. Moodle's architecture typically handles form submissions through centralized scripts like login/index.php. The description indicates missing enablement checks - a classic input validation flaw (CWE-20). While exact code isn't available, the pattern matches login form handlers that would need to: 1) Check if ReCAPTCHA is enabled in system config 2) Validate ReCAPTCHA response if enabled. The bypass suggests step 1 was missing in the submission path. The first patched version (4.3.4) and vulnerability range (≥4.3.0) align with recent authentication flow changes.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Insu**i*i*nt ****ks w**t**r R***PT*** w*s *n**l** m*** it possi*l* to *yp*ss t** ****ks on t** lo*in p***. T*is *i* not *****t ot**r p***s w**r* R***PT*** is utiliz**.

Reasoning

T** vuln*r**ility sp**i*i**lly *****ts t** lo*in p***'s R***PT*** impl*m*nt*tion. Moo*l*'s *r**it**tur* typi**lly **n*l*s *orm su*missions t*rou** **ntr*liz** s*ripts lik* lo*in/in**x.p*p. T** **s*ription in*i**t*s missin* *n**l*m*nt ****ks - * *l*ss