Moodle in English: Sensitive data disclosure

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation
Search

Search
Moodle Sites

Moodle.org

Home

Sensitive data disclosure

◄ Vulnerable 3rd Party libraries/platforms used
Installation script for Behat is stuck at "-->system" ►

This discussion has been locked so you can no longer reply to it.

Re: Sensitive data disclosure

by Tim Hunt - Friday, 22 January 2021, 11:05 PM

This is not the right way to report Moodle security issues. See https://moodle.org/security

(But, from what I have seen so far, your tester has failed to find any real issues. They just don't understand how Moodle works of what it is doing. E.g. the think in the URL is not as session id, it is a CSRF token. The nv_user is not created by Moodle, ...)

Average of ratings: Useful (4)

◄ Vulnerable 3rd Party libraries/platforms used
Installation script for Behat is stuck at "-->system" ►

Testing and QA

Sensitive data disclosure

Re: Sensitive data disclosure

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world