
Flaw Found in Moodle Online Learning Platform

Vulnerability in Authentication Module Patched
A patch is now available for a flaw in e-learning platform Moodle. (Photo: Moodle)

The bug hunting team at pentesting firm Haxolot uncovered a remote code execution vulnerability in Moodle, an open-source online learning platform used by universities worldwide. The flaw has since been patched.


The flaw is in the logout feature of Moodle's Shibboleth authentication module, which lets universities running the platform authenticate students' identities before they are allowed to attend external courses, Haxolot researchers say. The logout handler is supposed to invalidate the user's session; the flaw lies in how it reads back and deserializes the stored session data in order to do so.

Flaw Breakdown

The flaw arises from a parsing issue in serialized session values: data written for a user's session is later read back and deserialized incorrectly.

The vulnerability could let attackers inject serialized PHP objects, a form of insecure deserialization, the researchers say. "The unserializesession function [used to read every file and deserialize its contents] will detect the xxx| string as a new session key although it belongs to the serialized value of another session key," the report notes. "This prematurely cuts off the serialized value mid-parsing and results in a broken deserialization." Because the text after the bogus key is then deserialized as a value of its own, this could allow an attacker to execute code of their choice. RCE flaws elsewhere have, for example, been exploited to deliver ransomware.
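As an added example that is not Moodle's code and not taken from the Haxolot report, the PHP below reproduces the parsing problem just described on a constructed session string. PHP session files store `key|<serialized value>` pairs back to back. The first parser treats every `word|` as the start of a new key, which is the behaviour the quote describes; the second walks the `serialize()` grammar so that a `|` inside a string value cannot be mistaken for a key boundary. The function names, the sample session data and the `xxx|` profile text are all constructed for the illustration.

```php
<?php
// Added example, not Moodle's own code. Demonstrates how a "split on word|"
// session parser is fooled by a '|' inside a serialized string value, and
// how a length-aware parser is not.

// Constructed session data: two session keys, the second holding a profile
// field ("bio") that the user controls and that contains "xxx|".
function sample_session(): string {
    $bio = 'hello xxx|a:1:{s:4:"evil";b:1;}';   // attacker-controlled text
    return 'SESSION|' . serialize(['lang' => 'en'])
         . 'USER|'    . serialize(['username' => 'alice', 'bio' => $bio]);
}

// Naive parser: every "word|" is taken as a new session key, even when it
// sits inside a serialized string. The value cut off at "xxx|" no longer
// deserializes (false), and the text after "xxx|" is deserialized on its own.
function naive_unserializesession(string $data): array {
    $parts = preg_split('/(\w+)\|/', $data, -1,
        PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
    $vars = [];
    for ($i = 0; $i + 1 < count($parts); $i += 2) {
        // '@' silences the notice unserialize() emits on truncated input.
        $vars[$parts[$i]] = @unserialize($parts[$i + 1]);
    }
    return $vars;
}

// Return the offset just past the serialized value that starts at $pos,
// following the serialize() grammar (N, b, i, d, s, a, O).
function serialized_value_end(string $s, int $pos): int {
    switch ($s[$pos] ?? '') {
        case 'N':                                   // N;
            return $pos + 2;
        case 'b': case 'i': case 'd':               // b:1;  i:42;  d:0.5;
            return strpos($s, ';', $pos) + 1;
        case 's':                                   // s:<len>:"<bytes>";
            $q   = strpos($s, '"', $pos);
            $len = (int) substr($s, $pos + 2, $q - $pos - 3);
            return $q + 1 + $len + 2;               // bytes, closing quote, ';'
        case 'a':                                   // a:<n>:{ key value ... }
            $brace = strpos($s, '{', $pos);
            $n = (int) substr($s, $pos + 2, $brace - $pos - 3);
            $p = $brace + 1;
            for ($i = 0; $i < 2 * $n; $i++) {
                $p = serialized_value_end($s, $p);
            }
            return $p + 1;                          // closing '}'
        case 'O':                                   // O:<len>:"<class>":<n>:{ ... }
            $q   = strpos($s, '"', $pos);
            $len = (int) substr($s, $pos + 2, $q - $pos - 3);
            $p   = $q + 1 + $len + 2;               // past closing quote and ':'
            $brace = strpos($s, '{', $p);
            $n = (int) substr($s, $p, $brace - $p - 1);
            $p = $brace + 1;
            for ($i = 0; $i < 2 * $n; $i++) {
                $p = serialized_value_end($s, $p);
            }
            return $p + 1;
        default:
            throw new UnexpectedValueException("bad serialized value at offset $pos");
    }
}

// Length-aware parser: read "key|", then consume exactly one serialized
// value. Objects are refused (allowed_classes => false) because session
// files should never be a source of object instantiation.
function safe_unserializesession(string $data): array {
    $vars = [];
    $pos  = 0;
    $n    = strlen($data);
    while ($pos < $n) {
        $bar = strpos($data, '|', $pos);
        if ($bar === false) {
            throw new UnexpectedValueException("missing '|' after offset $pos");
        }
        $key = substr($data, $pos, $bar - $pos);
        $end = serialized_value_end($data, $bar + 1);
        $vars[$key] = unserialize(substr($data, $bar + 1, $end - $bar - 1),
                                  ['allowed_classes' => false]);
        $pos = $end;
    }
    return $vars;
}

$data = sample_session();
var_dump(naive_unserializesession($data));
var_dump(safe_unserializesession($data));
```

On the constructed data the naive parser returns three keys: SESSION, a USER entry that is `false` because its value was cut off at `xxx|`, and a spurious `xxx` key whose value was deserialized from text the user typed into a profile field. The length-aware parser returns only SESSION and USER, with the `|` kept inside the bio string. In a real deployment the object-instantiating power of `unserialize()` is what turns this mis-split into code execution, which is why the hardened parser also passes `allowed_classes => false`.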

The researchers, who reported the bug to Moodle in February, note that the project released a patch on July 7. They did not report any examples of the flaw being exploited in the wild.

Targeting Education Sector

In a June alert, the U.K.'s National Cyber Security Centre warned that unpatched software and hardware devices are among the most common vectors for threat actors to gain access to a victim's network (see: NCSC Warns of Surge in Ransomware Attacks Against Schools).

A recent report by security firm Emsisoft found that schools were the most targeted ransomware victims in 2020, with almost 1,700 hacks against colleges and universities (see: Fueled by Profits, Ransomware Persists in New Year).

Educational institutions hit by cyberattacks include the U.K.'s Newcastle University and the University of Utah.

About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
