CVE-2011-1766 Information
Description
includes/User.php in MediaWiki before 1.16.5 when wgBlockDisablesLogin is enabled does not clear certain cached data after verification of an auth token fails which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies or by leveraging an unattended workstation.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html http://secunia.com/advisories/44684 http://www.securityfocus.com/bid/47722 https://bugzilla.redhat.com/show_bug.cgi?id=702512 https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
Share on: