MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
CPE

Name | Operator | Version
---|---|---
mediawiki | eq | 1.17.1
mediawiki | eq | 1.17
mediawiki | eq | 1.17 beta-1
mediawiki | eq | 1.17.2
mediawiki | eq | 1.17.0
mediawiki | eq | 1.17.0 rc1
mediawiki | eq | 1.18 beta-1
mediawiki | eq | 1.18
mediawiki | eq | 1.18.0 rc1
mediawiki | eq | 1.18.1

secunia.com/advisories/48504
www.openwall.com/lists/oss-security/2012/03/22/9
www.openwall.com/lists/oss-security/2012/03/24/1
www.securityfocus.com/bid/52689
bugzilla.wikimedia.org/show_bug.cgi?id=35078
exchange.xforce.ibmcloud.com/vulnerabilities/78910
lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html