CUEH - BLOG

CUEH Blog

Academics poking things and seeing what happens

Students Discover Moodle Vulnerability

- Posted in news by

The reporting (http://www.coventrytelegraph.net/news/coventry-news/coventry-university-students-left-vulnerable-12080500) on this suggests a big scary hack at the university, but actually it's more of a good-news story about how vigilent our students are.

Internally, this got quite complicated, but the essence of it is:

  • Students found a potential vulnerability in a Moodle plugin
  • This is a vulnerability that affects any Moodle instance with the plugin - at Coventry or anywhere else.
  • Students also provided a fix, which has since been incorporated into the plugin by the author.
  • Very little data was actually at risk - lecture notes, test scores, but nothing like passwords or personal details.
  • So, this was a potential risk of session hijacking under quite specific conditions.
  • No privilege escalation!

Comments

http://creativecommons.org/licenses/by-sa/4.0/

Proudly powered by HTMLy