An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki | eq | 1.35.0 | |
mediawiki | eq | 1.35.3 | |
mediawiki | eq | 1.6.0 | |
mediawiki | eq | 1.35.5 | |
mediawiki | eq | 1.5.0alpha2 | |
mediawiki | eq | 1.1.0 | |
mediawiki | eq | 1.5.0beta4 | |
mediawiki | eq | 1.3.0beta1 | |
mediawiki | eq | 1.35.8 | |
mediawiki | eq | 1.35.0-rc.1 |