PT-2014-4579 · Wikimedia+1 · Mediawiki+1
Publicado
2014-03-02
·
Atualizado
2014-03-14
·
CVE-2014-2243
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.19.12
MediaWiki versions 1.20.x
MediaWiki versions 1.21.x prior to 1.21.6
MediaWiki versions 1.22.x prior to 1.22.3
Description
The issue makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses, due to the termination of validation of a user token upon encountering the first incorrect character in the includes/User.php file.
Recommendations
For MediaWiki versions prior to 1.19.12, update to version 1.19.12 or later.
For MediaWiki versions 1.20.x, update to a version outside of the 1.20.x range, such as 1.19.12 or 1.21.6 or later.
For MediaWiki versions 1.21.x prior to 1.21.6, update to version 1.21.6 or later.
For MediaWiki versions 1.22.x prior to 1.22.3, update to version 1.22.3 or later.
Correção
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Mediawiki