We've just installed Moodle 2.6.3+ (Build: 20140522) and whenever a course is added, we've run into this major issue involving login names and passwords.
- Click on Add Course.
The Edit course settings page displays the user's login name in the Course ID number field. Since we don't use numbers, I can see a lot of people overlooking this field.
But even worse....
2. Complete the fields and continue to scroll down the page. When you get to the Guest access area, there's a password. When you unmask it, it's the personal system password of the user who logged in to add the course!
In our training environment--and I'm sure other environments are like this as well--multiple users have 'developer' access to a specific course:
- A small group of instructional designers will have developer access to all courses.
- And for internal training, multiple users will have developer access to courses within specific categories assigned to their organization.
Is there a FIX for this? Employees' personal systems passwords which get them into the company intranet should be very secure. With human nature being what it is, people will forget occasionally to go down to this field and remove their personal password.
I think this is a SERIOUS bug.
Our production system is at 2.4.1. We want to move to 2.6.3. (Also, we can't go above 2.6.3 right now because we're limited by the PHP version on our servers. IT does not want to upgrade for just one app.)
We never use Guest Access anyway. If there isn't a fix, is there a way to prevent Guest Access from even displaying on the Add Course page?