A medium-severity vulnerability, CVE-2024-38277, was detected in Moodle versions 4.4, 4.3 to 4.3.4, 4.2 to 4.2.7, 4.1 to 4.1.10 and earlier. It involves the use of cryptographic keys or passwords beyond their expiration date. This extends the window during which these credentials could be vulnerable to cracking attacks, and it underlines the need for timely key and password management. To fix this issue, upgrade Moodle to version 4.4.1, 4.3.5, 4.2.8 or 4.1.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38277/.
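As an added example (not part of the original advisory, and not Moodle or Hossted code), the following Python triages a Moodle release string against the affected and fixed versions listed above. The function names, the handling of "+" weekly-build suffixes and the sample strings are assumptions made for illustration.

```python
import re

# Fixed point release per branch, exactly as listed in the advisory text.
FIXED = {(4, 4): (4, 4, 1), (4, 3): (4, 3, 5), (4, 2): (4, 2, 8), (4, 1): (4, 1, 11)}
OLDEST_FIXED_BRANCH = min(FIXED)


def parse_release(release):
    """Return (major, minor, patch) from a string such as '4.3.4+ (Build: ...)'."""
    # Assumption: a trailing '+' (weekly build) and the build suffix are ignored,
    # so a weekly build is judged by its base point release (conservative).
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised Moodle release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(release):
    """Classify a release against the advisory's affected and fixed versions."""
    version = parse_release(release)
    branch = version[:2]
    if branch < OLDEST_FIXED_BRANCH:
        # "4.1.10 and earlier": older branches are affected and the advisory
        # lists no fix for them, so point at the lowest fixed release.
        return {"status": "affected", "upgrade_to": "4.1.11"}
    if branch not in FIXED:
        # Branch newer than any the advisory names: it makes no statement.
        return {"status": "not-listed", "upgrade_to": None}
    fixed = FIXED[branch]
    if version >= fixed:
        return {"status": "fixed", "upgrade_to": None}
    return {"status": "affected", "upgrade_to": ".".join(map(str, fixed))}


if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real site.
    for sample in ("4.4", "4.3.4+ (Build: 20240524)", "4.2.8", "3.11.18"):
        print(sample, "->", triage(sample))
```
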
Moodle: Secure Key Management in QR and Auto-login Systems
by the Hossted team
24.06.2024