CVE-2011-1766

MediaWiki <1.16.5 - Auth Bypass

Title source: llm

Description

includes/User.php in MediaWiki before 1.16.5, when $wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails. This allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.

Scores

EPSS 0.0033
EPSS Percentile 55.6%

Classification

CWE
CWE-287
Status draft

Affected Products (50)

mediawiki/mediawiki < 1.16.4
mediawiki/mediawiki (14 more entries listed without a version range)
... and 35 more

Timeline

Published May 23, 2011
Tracked Since Feb 18, 2026