PT-2011-3357 · Mediawiki · Mediawiki
Liangent
Published: 2011-05-23 · Updated: 2011-06-16
CVE-2011-1766
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.16.5
Description
The issue allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation, due to the failure to clear certain cached data after verification of an auth token fails when wgBlockDisablesLogin is enabled.
Recommendations
For versions prior to 1.16.5, update to version 1.16.5 or later to resolve the issue. As a temporary workaround, consider disabling the wgBlockDisablesLogin feature until a patch is available. Restrict access to sensitive areas of the wiki to minimize the risk of exploitation. Avoid leaving workstations unattended while logged in to the wiki.
Weakness Enumeration
Improper Authentication
Affected Products
Mediawiki