CVE-2011-1766

Sažetak

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://secunia.com/advisories/44684
http://www.securityfocus.com/bid/47722
https://bugzilla.redhat.com/show_bug.cgi?id=702512
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

16-06-2011 - 02:56

Objavljeno

23-05-2011 - 22:55