PT-2018-3568 · Wikimedia+1 · Mediawiki+1
Rxy
·
Published
2018-09-22
·
Updated
2022-05-13
·
CVE-2018-0505
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions 1.31 before 1.31.1
MediaWiki version 1.30.1
MediaWiki version 1.29.3
MediaWiki version 1.27.5
Description:
The issue is related to a flaw in the authentication procedure, allowing attackers to bypass CentralAuth's account lock. This can be exploited by remote attackers. The flaw is associated with BotPasswords.
Recommendations:
For MediaWiki version 1.31 before 1.31.1, update to version 1.31.1 or later.
For MediaWiki version 1.30.1, consider upgrading to a newer version.
For MediaWiki version 1.29.3, consider upgrading to a newer version.
For MediaWiki version 1.27.5, consider upgrading to a newer version.
As a temporary workaround, consider restricting the use of BotPasswords until a patch is available.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mediawiki