Moodle e-Learning platform vulnerability

A recent engagement has caused us to look in more depth at previous vulnerabilities in the Moodle e-Learning platform. One particular issue, MSA-15-0034 concerns the predictability of password reset tokens. Frequently issues like this are difficult to exploit in real-world scenarios.

In this case however, this vulnerability is possible to exploit. An attacker can guess a password reset token, allowing them to change the password on any account in the system, including administrators.

A brief survey of publicly available instances of Moodle indicates that about 50% of them would be vulnerable to this exploit. This has been determined by enumerating the version of Moodle running, rather than any attempt to exploit the vulnerability.

We are disclosing the issue to the vendor. Although the vulnerability has been raised and fixed, it is clear that this has not filtered through to the operators of Moodle sites.

In the meantime, we recommend that you upgrade to the latest version of Moodle.