CVE-2022-30600: A flaw in Moodle's login counter could lead to account lockout.

This flaw meant that an attacker could repeatedly attempt to access a user’s account until it was locked, leaving the user locked out of their account entirely. The flaw was addressed by changing the logic used to count failed login attempts.

Another issue could occur if a user’s password was reset due to a technical issue. For example, a password may have been reset due to a forgotten password. In this situation, the user’s account would remain unlocked but they would still be prompted to enter their password. An attacker could then use the password reset function to change the user’s password. This flaw was addressed by changing the logic behind password resets.

In addition, the update resolved an issue where a user’s settings, such as their licence status, would not persist if their account was locked.

User Interaction and Session Management

Another issue was addressed in the update by changing the logic for password resets.

New Features in the Security Update

The update also introduced new features, including a "report abuse" button for content that is flagged as abusive. The feature allows users to report abusive content in their account such as hate speech, spam, threats and other inappropriate behavior. The feature is accessible from both the website and the Facebook mobile app.

Additionally, the update introduced a new "reserved name" function that prevents someone else from reserving your name on Facebook. This function has been added so that people who already have an account with a reserved name do not need to change their username when they register another account.

Finally, the update fixed a bug where notifications of friend requests could be delayed by up to 24 hours.

What to do if you’re currently experiencing issues with your account

If you are currently experiencing issues with your account, here is what to do:
- If you’re locked out of your account, contact the Facebook Support Team and they will help reset your password.
- If any settings on your account have been changed without your knowledge, contact the Facebook Support Team and they will help restore your account to its original state.

New Features and Improvements

This update included a number of new features, as well as resolving a number of issues.
One feature is the Adaptive Unlock feature, which automatically locks a user’s account if they fail to unlock it in three consecutive days. This helps to reduce the likelihood that an attacker will be able to repeatedly attempt to access the same account without being locked out.
Another new feature sends email notifications to users when their account is locked out or unlocked.
Other improvements include:
- Resolving an issue where a user’s settings, such as their licence status, would not persist if their account was locked;
- Improving the process for changing passwords within Settings; and
- Increasing stability of the application.
