CVE-2011-1766
MediaWiki < 1.16.5 - Authentication Bypass via Cached User Data
Title source: llmDescription
includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation.
References (8)
Core 8
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=702512
Patch x_refsource_confirm
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44684
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/47722
Patch mailing-list
x_refsource_mlist
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html
Scores
EPSS
0.0033
EPSS Percentile
56.1%
Details
CWE
CWE-287
Status
published
Products (42)
mediawiki/mediawiki
1.1.0
mediawiki/mediawiki
1.2.0
mediawiki/mediawiki
1.2.1
mediawiki/mediawiki
1.2.2
mediawiki/mediawiki
1.2.3
mediawiki/mediawiki
1.2.4
mediawiki/mediawiki
1.2.5
mediawiki/mediawiki
1.2.6
mediawiki/mediawiki
1.3
mediawiki/mediawiki
1.3.0
... and 32 more
Published
May 23, 2011
Tracked Since
Feb 18, 2026