Lucene search

K
cvelistDebianCVELIST:CVE-2017-8810
HistoryNov 15, 2017 - 8:00 a.m.

CVE-2017-8810

2017-11-1508:00:00
debian
www.cve.org
8

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

50.9%

MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.

CNA Affected

[
  {
    "product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
      }
    ]
  }
]

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

50.9%