Students Discover Moodle Vulnerability

The reporting on this suggests a big scary hack at the university, but actually it's more of a good-news story about how vigilant our students are.

Internally, this got quite complicated, but the essence of it is:

  • Students found a potential vulnerability in a Moodle plugin.
  • This is a vulnerability that affects any Moodle instance with the plugin - at Coventry or anywhere else.
  • Students also provided a fix, which has since been incorporated into the plugin by the author.
  • Very little data was actually at risk - lecture notes, test scores, but nothing like passwords or personal details.
  • So, this was a potential risk of session hijacking under quite specific conditions.
  • No privilege escalation!

