| Topic: | rc4encrypt function uses hardcoded key |
| Severity: | Minor |
| Versions affected: | 2.2, 2.1 to 2.1.3+, 2.0 to 2.0.6+, 1.9 to 1.9.15+ |
| Reported by: | Rajesh Taneja |
| Workaround | Manually change encryption key |
| Issue no.: | MDL-28948 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28948 |
Description:
Encryption and decryption of cookies and other values now use a key generated at install, rather than a fixed key.