CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
78.6%
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
Vendor | Product | Version | CPE |
---|---|---|---|
mediawiki | mediawiki | 1.25.0 | cpe:/a:mediawiki:mediawiki:1.25.0::: |
mediawiki | mediawiki | 1.25.1 | cpe:/a:mediawiki:mediawiki:1.25.1::: |
mediawiki | mediawiki | cpe:/a:mediawiki:mediawiki:::: | |
mediawiki | mediawiki | 1.24.2 | cpe:/a:mediawiki:mediawiki:1.24.2::: |
mediawiki | mediawiki | 1.24.0 | cpe:/a:mediawiki:mediawiki:1.24.0::: |
mediawiki | mediawiki | 1.24.4 | cpe:/a:mediawiki:mediawiki:1.24.4::: |
mediawiki | mediawiki | 1.25.3 | cpe:/a:mediawiki:mediawiki:1.25.3::: |
mediawiki | mediawiki | 1.24.3 | cpe:/a:mediawiki:mediawiki:1.24.3::: |
mediawiki | mediawiki | 1.26.0 | cpe:/a:mediawiki:mediawiki:1.26.0::: |
mediawiki | mediawiki | 1.25.2 | cpe:/a:mediawiki:mediawiki:1.25.2::: |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
78.6%