Moodle Rate Limiting Vulnerability in Confirmation Email Service Facilitates Brute-Force Attacks

Vulnerability

Moodle's confirmation email service applies inadequate rate limiting, which remote attackers can exploit. The flaw makes it easier to enumerate or guess user credentials, thereby facilitating brute-force attacks on user accounts.

Impact

The lack of proper rate limiting can lead to increased success in brute-force attacks, allowing attackers to gain unauthorized access to user accounts by guessing passwords.

Added: Feb 3, 2026, 11:22 AM
Updated: Feb 3, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.