This is an article from the International Journal of Information Technology and Knowledge Management, published in January 2011. While some specifics may have changed with the release of Moodle 2.1 and 2.2, it contains a wealth of knowledge about Moodle’s pluses, minuses and possible security exploits.
Kumar and Dutta start out with an introduction to Moodle, its origins and rapid growth as well as its comparative advantages and disadvantages as seen through a wider lens of the LMS market.
Thereafter, the paper immediately launches into a survey of the possible security vulnerabilities of Moodle sites, including but not limited to:
- authentication attacks
- denial of service attacks
- cross-site scripting
- session hijacking
One of the major limitations of Moodle, according to Dutta and Kumar, is its inability to apply HTTPS across the entire site (though HTTPS is supported for authentication and some administrative functions). If you’re interested in learning more about Moodle.org’s Security Recommendations, go to http://docs.moodle.org/22/en/Security_recommendations.
The conclusion of the paper proposes a couple of solutions to possible security attacks, which can help to mitigate or even prevent the exploitation of the vulnerabilities. Two relatively simple solutions are applying CAPTCHA to the registration process and enabling SSL.
Find this PDF article and more at http://www.csjournals.com/IJITKM/ijitkmVol4-1.html