Description
in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43
Patch, Third Party Advisory x_refsource_misc
https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679
Scores
CVSS v3
10.0
EPSS
0.0117
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-287
CWE-74
Status
published
Products (1)
scratch-wiki/scratch_login
< 1.1
Published
Aug 28, 2020
Tracked Since
Feb 18, 2026