CVE-2022-30600: Failed login attempts counted incorrectly
A flaw was found in Moodle where the logic used to count failed login attempts could result in the account lockout threshold being bypassed.
MSA-22-0014: Failed login attempts counted incorrectly
by Michael Hawkins - Tuesday, 17 May 2022, 6:02 PM
An issue in the logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Severity/Risk: Serious
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Shamim Rezaie
CVE identifier: CVE-2022-30600
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736
Tracker issue: MDL-73736 Failed login attempts counted incorrectly