| Topic: | Incorrect handling of openssl_verify() return code |
| Severity: | Serious |
| Versions affected: | < 2.1.2, < 2.0.5, < 1.9.14 |
| Reported by: | David Mudrak |
| Issue no.: | MDL-29148 |
| Solution: | upgrade to latest version |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=54941685e3e86ec085641dcb7ebb1f96f06735b2 |
| Workaround: | Disable MNET |
Description:
Moodle was not handling these SSL return codes correctly and was vulnerable to remote attacks bypassing validation.