Vulnerabilities in Moodle LMS put e-Learners at risk

11th April 2017 by Virtual College in Virtual College

Moodle LMS system has put e-learning companies at risk

Thousands of businesses that use the Moodle learning management system (LMS) could be at risk of a malicious data breach, it has been reported.

In March, the platform, which allows businesses and organisations to set up websites and online courses, released updates. Along with this, Moodle developers noted that a number of security-related issues were resolved, but did not state any further details, raising questions about the nature and impact of these security issues.

In total, the eLearning platform has over 78,000 websites spanning 234 countries with 100 million users. This means that those using Moodle should act quickly to resolve any issues that could potentially allow attackers to take over web servers.

The extent and severity of these security flaws were revealed later in the month following a blog post from security researcher Netanel Rubin, who found that the flaws allowed attackers to create hidden administrative accounts and execute malicious PHP code on the underlying server.

The exploit takes advantage of incorrect assumptions made by the Moodle developers; it involved a “logic flaw, an object injection, a double SQL injection, and an overly permissive administrative dashboard”, Mr Rubin explained.

He believed that this issue derives from the reimplementation of a specific function without considering decisions made by the original function’s developers.

Mr Rubin said that this is a result of "having too much code, too many developers and lacking documentation".

"Keep in mind that logical vulnerabilities can and will occur in almost all systems featuring a large code base. Security issues in large code bases are, of course, not Moodle specific."

Attackers gaining access to the Moodle platform is dangerous not only because they could install a PHP backdoor by uploading malicious plug-ins or templates, but also because Moodle installations store sensitive and private information about businesses and the eLearners taking online courses.

Source
www.csoononline.com

Author: Virtual College