What the vulnerability does
01Description
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
What the vulnerability does
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
Explanation of Vulnerability in Simple Terms
Masteriyo LMS versions up to 2.1.8 contain an improper cryptographic signature verification flaw. An attacker can forge authentication tokens or tamper with signed data without valid credentials. This allows unauthorized access to LMS features and user data. Update to a version newer than 2.1.8 to resolve the issue.
What an attacker can do
Forge authentication tokens or tamper with cryptographically signed data to gain unauthorized access.
Potential impact on your site
Attackers can bypass authentication and access student records, course content, and administrative functions without valid credentials.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities