6-year-old Moodle flaw exposed millions to account takeover attack

The vulnerability affected students and teachers on Moodle worldwide: an attacker could alter grades for exams and homework, enroll or un-enroll students in classes, download or delete other students' homework, and more.


The Wizcase cyber research team, led by Ata Hakcii, discovered a security vulnerability in the open-source learning platform Moodle. Moodle is an educational platform through which universities and other educational institutions distribute content to almost 242 million users, both students and teachers.


Moodle allows teachers to easily communicate with students, organize and post links, documents, assignments, quizzes, and grades. 


About the vulnerability


The vulnerability was discovered on 9th October 2020; however, details of it were only released last week. According to the researchers, the platform had been vulnerable for 6 years before the flaw was discovered and patched.


Any university or school that used Moodle during that time with the TeX filter enabled was at risk. The TeX filter is mainly needed for sharing mathematical formulas, so science and economics departments of universities are likely to have had it enabled.

Consequences


According to Wizcase's report, among the consequences and risks the researchers identified, the main threat was account takeover. For instance, if an admin account is compromised, an attacker could access the usernames and hashed passwords of all the server's users and change their passwords to something else.


Moreover, an attacker with admin access can also read the database configuration, and the database contains the hashed passwords of all the users, so t ..