Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilised.
Severity/Risk: | Minor |
Versions affected: | 4.3 to 4.3.3 |
Versions fixed: | 4.3.4 |
Reported by: | caglaroflazoglu |
CVE identifier: | CVE-2024-34009 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81463 |
Tracker issue: | MDL-81463 ReCAPTCHA can be bypassed on the login page |