CVE-2014-0008 Information

Description

lib/adminlib.php in Moodle through 2.3.11 2.4.x before 2.4.8 2.5.x before 2.5.4 and 2.6.x before 2.6.1 logs cleartext passwords which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html http://openwall.com/lists/oss-security/2014/01/20/1 http://www.securitytracker.com/id/1029647 https://moodle.org/mod/forum/discuss.php?d=252414