CVE-2012-1581 Information

Description

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

Reference

http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html
http://secunia.com/advisories/48504
http://www.openwall.com/lists/oss-security/2012/03/22/9
http://www.openwall.com/lists/oss-security/2012/03/24/1
http://www.securityfocus.com/bid/52689
https://bugzilla.wikimedia.org/show_bug.cgi?id=35078
https://exchange.xforce.ibmcloud.com/vulnerabilities/78910
