CVE-2013-4304 in MediaWikiinfo

Summary

The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.

Reservation

06/12/2013

Disclosure

01/26/2014

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
10136	MediaWiki CentralAuth Extension CentralAuthHooks.php improper authentication	287	Not defined	Official fix	CVE-2013-4304

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸