CVE-2011-1766

critical

Description

includes/User.php in MediaWiki before 1.16.5, when $wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

References

https://bugzilla.wikimedia.org/show_bug.cgi?id=28639

https://bugzilla.redhat.com/show_bug.cgi?id=702512

http://www.securityfocus.com/bid/47722

http://secunia.com/advisories/44684

http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html

Details

Source: Mitre, NVD

Published: 2011-05-23

Updated: 2011-06-16

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical