PT-2020-7232 · Mediawiki · Mediawiki

Ryan Lane · Published 2020-02-08 · Updated 2020-02-12 · CVE-2012-4381

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MediaWiki versions 1.18.0 through 1.18.4
MediaWiki versions 1.19.0 through 1.19.1

Description

The issue could make it easier for attackers to obtain cleartext passwords via a brute-force attack. Additionally, when an authentication plugin returns false in the strict function, it could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.

Recommendations

For MediaWiki versions 1.18.0 through 1.18.4, update to version 1.18.5 or later. For MediaWiki versions 1.19.0 through 1.19.1, update to version 1.19.2 or later.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2012-4381

Affected Products

Mediawiki