Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2011-1766

Good to know:

icon

Date: May 23, 2011

includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

Language: PHP

Severity Score

Related Resources (11)

http://secunia.com/advisories/44684
http://www.securityfocus.com/bid/47722
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
https://bugzilla.redhat.com/show_bug.cgi?id=702512
https://nvd.nist.gov/vuln/detail/CVE-2011-1766
https://people.canonical.com/~ubuntu-security/cve/CVE-2011-1766
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
https://www.mend.io/vulnerability-database/CVE-2011-1766

Severity Score

Weakness Type (CWE)

Improper Authentication

CWE-287

Top Fix

icon

Upgrade Version

Upgrade to version mediawiki/core - 1.16.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us