SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2012-1581

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

SECUNIA-48504

BID-52689

http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html

http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html

http://www.openwall.com/lists/oss-security/2012/03/22/9

http://www.openwall.com/lists/oss-security/2012/03/24/1

https://bugzilla.wikimedia.org/show_bug.cgi?id=35078

mediawiki-random-numbers-sec-bypass(78910)


30479



423868



248038



909



194772



282