Security Announcements

MSA-14-0015: Web service token expiry issue for MoodleMobile

 
 
My ugly mug
MSA-14-0015: Web service token expiry issue for MoodleMobile
 
Description: MoodleMobile web service tokens were not expiring.
Issue summary: Tokens created automatically in login/token.php are valid forever
Severity/Risk: Minor
Versions affected: 2.6 to 2.6.2, 2.5 to 2.5.5, 2.4 to 2.4.9 and earlier unsupported versions
Versions fixed: 2.7, 2.6.3, 2.5.6 and 2.4.10
Reported by: Juan Leyva
Issue no.: MDL-43119
CVE identifier: CVE-2014-0214
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119