| Topic: | CAS Multi-Authentication Does Not Use HTTPS Login |
| Severity/Risk: | Minor |
| Versions affected: | 2.2 to 2.2.2+, 2.1 to 2.1.5+ |
| Reported by: | Chris Follin |
| Workaround: | Avoid CAS authentication |
| Issue no.: | MDL-32492 |
|
CVE Identifier: |
CVE-2012-2357 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=895e76ea51c462c18ad66e0761ad76cd26a63ecf |
Description:
A page in the CAS Authentication process was using an insecure HTTP URL that, apart from being insecure, sent the user in circles.