Hi all,
We’ve recently had an accidental unauthorized access to our Moodle system and would like some help in figuring out what happened and, more importantly, how to fix it.
We hired a developer to code some extra functionality into our Moodle site and created a second instance of Moodle on our domain for him to work on. We duplicated our site (files and folders) but used an empty MySQL database (no student or course data), with the idea being that he could develop additional features without crashing the site or corrupting the database accidentally.
After logging into the “sandbox” site, we found with the developer that he could type in the URL or navigate to our main site and be automatically logged in and have the same system privileges as he had been assigned on the sandbox site. In other words, even though he is not a user on our main Moodle site, being the system administrator on the sandbox site allows him the same level of control on the main site.
While the issue is not whether we trust our current and future developers, we would still prefer for our proprietary information to stay secure and would like to close this security hole in case a malicious user decides to attempt to access our site.
Does anyone have thoughts on how this is possible and how to prevent future access of this sort?
(My best guess is that the authentication record/cookie used to access the sandbox site is being accepted by the main site. Since I duplicated the site, is there some key, randomly generated number, or unique identifier that both sites share that needs to be changed?)
Main/Sandbox Moodle v1.9.7+ (Build: 20100317)