| Topic: | Change password form is sent over HTTP when httpslogin = true |
| Severity: | Minor |
| Versions affected: | 1.9 to 1.9.14+ (2.x not affected) |
| Reported by: | Darragh Enright |
| Issue no.: | MDL-29092 |
| Changes (1.9): | http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=01dd64a8c8aa95f793accea371b2392e662663c5 |
Description:
When a user was entering a new password, this information was sent to the server using an insecure transmission.