CVE-2012-1581
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
| Software | From | Fixed in |
|---|---|---|
| mediawiki / mediawiki | 1.17.1 | 1.17.1.x |
| mediawiki / mediawiki | 1.17 | 1.17.x |
| mediawiki / mediawiki | 1.17-beta_1 | 1.17-beta_1.x |
| mediawiki / mediawiki | 1.17.2 | 1.17.2.x |
| mediawiki / mediawiki | 1.17.0 | 1.17.0.x |
| mediawiki / mediawiki | 1.17.0-rc1 | 1.17.0-rc1.x |
| mediawiki / mediawiki | 1.18-beta_1 | 1.18-beta_1.x |
| mediawiki / mediawiki | 1.18 | 1.18.x |
| mediawiki / mediawiki | 1.18.0-rc1 | 1.18.0-rc1.x |
| mediawiki / mediawiki | 1.18.1 | 1.18.1.x |
| mediawiki / mediawiki | 1.18.0 | 1.18.0.x |
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html
- http://secunia.com/advisories/48504
- http://www.openwall.com/lists/oss-security/2012/03/22/9
- http://www.openwall.com/lists/oss-security/2012/03/24/1
- http://www.securityfocus.com/bid/52689
- https://bugzilla.wikimedia.org/show_bug.cgi?id=35078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78910
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime