CVE-2011-4584 Information

Description

The MNET authentication functionality in Moodle 1.9.x before 1.9.15 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability as demonstrated by a Mahara site.

Reference

http://git.moodle.org/gw?p=moodle.git;a=commit;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b http://moodle.org/mod/forum/discuss.php?d=191751 http://www.debian.org/security/2012/dsa-2421 https://bugzilla.redhat.com/show_bug.cgi?id=761248