Topic: | CAS Multi-Authentication Does Not Use HTTPS Login |
Severity/Risk: | Minor |
Versions affected: | 2.2 to 2.2.2+, 2.1 to 2.1.5+ |
Reported by: | Chris Follin |
Workaround: | Avoid CAS authentication |
Issue no.: | MDL-32492 |
CVE Identifier: |
CVE-2012-2357 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=895e76ea51c462c18ad66e0761ad76cd26a63ecf |
Description:
A page in the CAS Authentication process was using an insecure HTTP URL that, apart from being insecure, sent the user in circles.