CVE-2012-1581

2012-09-0921:55:06

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-1581

mediawiki

password reset

weak random numbers

remote attackers

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.0%

JSON

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

Affected configurations

NVD

Node

mediawikimediawikiMatch1.17

mediawikimediawikiMatch1.17beta_1

mediawikimediawikiMatch1.17.0

mediawikimediawikiMatch1.17.0rc1

mediawikimediawikiMatch1.17.1

mediawikimediawikiMatch1.17.2

Node

mediawikimediawikiMatch1.18

mediawikimediawikiMatch1.18beta_1

mediawikimediawikiMatch1.18.0

mediawikimediawikiMatch1.18.0rc1

mediawikimediawikiMatch1.18.1

CPENameOperatorVersion
mediawiki:mediawikimediawikieq1.17
mediawiki:mediawikimediawikieq1.17.0
mediawiki:mediawikimediawikieq1.17.1
mediawiki:mediawikimediawikieq1.17.2