CVE-2026-54733 in o365-moodleinfo

Summary

by MITRE • 07/16/2026

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin local_o365 Teams SSO endpoint sso_login.php base64-decodes a JWT payload and authenticates users from the upn claim without verifying the JWT signature, allowing an unauthenticated attacker to forge a token and obtain a Moodle session as an O365-authenticated user. This issue is fixed in versions 4.5.6, 5.0.5, and 5.1.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/16/2026

The vulnerability affects the Microsoft 365 and Microsoft Entra ID plugins for Moodle, which provide integration capabilities between Moodle learning management system and Office 365/Azure Active Directory services. These plugins enable single sign-on functionality allowing users to authenticate through their Microsoft identities. The specific flaw exists in the Teams SSO endpoint at sso_login.php within the local_o365 plugin implementation. This represents a critical authentication bypass vulnerability that undermines the security model of the integrated authentication system.

The technical flaw manifests in the improper handling of JSON Web Tokens (JWT) during the authentication process. The vulnerable code base64-decodes a JWT payload and extracts user information from the upn claim without performing any signature verification. This cryptographic weakness allows an attacker to forge valid-looking JWT tokens by simply constructing a malicious payload with a valid upn value while omitting or bypassing the signature validation step. The absence of signature verification creates a trust relationship that should not exist, enabling arbitrary authentication claims.

This vulnerability enables unauthenticated attackers to obtain Moodle sessions as authenticated Office 365 users without possessing legitimate credentials or access rights. The impact extends beyond simple unauthorized access to potentially allow privilege escalation and lateral movement within the organization's learning management environment. An attacker could impersonate any valid user account present in the Microsoft directory, potentially gaining access to sensitive educational data, course materials, and user information. The vulnerability affects multiple Moodle versions including 4.5.6, 5.0.5, and 5.1.1, indicating a widespread issue within the plugin ecosystem.

The security implications align with CWE-347 weakness category for improper certificate validation and fall under ATT&CK technique T1566 for credential access through forged tokens. This vulnerability represents a classic example of broken authentication where the system fails to properly validate the integrity of authentication tokens. Organizations using these Moodle plugins face significant risk of unauthorized access, data breaches, and potential compromise of educational environments that rely on Microsoft identity services for user management and access control.

The fix implemented in versions 4.5.6, 5.0.5, and 5.1.1 addresses the core issue by ensuring proper JWT signature verification before accepting authentication claims. This remediation restores the intended security model where tokens must be cryptographically validated before being accepted as legitimate authentication sources. System administrators should immediately upgrade to these patched versions to eliminate the vulnerability and ensure proper authentication integrity within their Moodle environments. The patch validates the JWT signatures using appropriate cryptographic libraries and ensures that all tokens are verified against the issuer's public key or shared secret before processing user claims.

Responsible

GitHub M

Reservation

06/16/2026

Disclosure

07/16/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!