MSA-14-0037: Weak temporary password generation

MSA-14-0037: Weak temporary password generation

by Marina Glancy -
Number of replies: 0
Description: The word list for temporary password generation was short meaning the pool of possible passwords was not big enough.
Issue summary: generate_password() is insecure and in use
Severity/Risk: Minor
Versions affected: 2.7 to 2.7.2, 2.6 to 2.6.5, 2.5 to 2.5.8 and earlier unsupported versions
Versions fixed: 2.8, 2.7.3, 2.6.6 and 2.5.9
Reported by: Aaron Barnes
Issue no.: MDL-47050
Workaround: Enable password policy
CVE identifier: CVE-2014-7845
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050