Topic: | Incorrect handling of openssl_verify() return code |
Severity: | Serious |
Versions affected: | < 2.1.2, < 2.0.5, < 1.9.14 |
Reported by: | David Mudrak |
Issue no.: | MDL-29148 |
Solution: | upgrade to latest version |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=54941685e3e86ec085641dcb7ebb1f96f06735b2 |
Workaround: | Disable MNET |
Description:
Moodle was not handling these SSL return codes correctly and was vulnerable to remote attacks bypassing validation.