CVE-2012-3394 Information

Description

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10 2.1.x before 2.1.7 2.2.x before 2.2.4 and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL which allows remote attackers to obtain sensitive information by sniffing the network.

Reference

http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76960