Description
The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack. The watchlist token is the secret that authenticates watchlist requests made on behalf of a user without that user's session. An ordinary string comparison returns as soon as it finds the first mismatching byte, so the response latency correlates with how many leading bytes of a guess are correct; an attacker who can measure that difference reduces a search over the whole token space to a byte-by-byte search. In practice, network jitter makes this hard to exploit remotely and many samples per guess are needed, but the fix (a comparison whose running time is independent of the input) is cheap and removes the side channel entirely.
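The following PHP is an added example, not MediaWiki's own code: it places the vulnerable pattern (an early-exit string comparison) beside the hardened form using hash_equals(), plus a hand-rolled constant-time comparison for PHP builds older than 5.6 that lack hash_equals(). The function names and the 32-byte hex token are assumptions made for illustration.

```php
<?php
// Added example (not from MediaWiki). Shows why a plain string comparison
// of a secret token leaks timing information and how to compare safely.

// Vulnerable: PHP's === on strings stops at the first differing byte, so the
// time taken grows with the number of leading bytes the attacker has guessed
// correctly. That is the side channel the description refers to.
function checkWatchlistTokenVulnerable(string $supplied, string $stored): bool
{
    return $supplied === $stored;
}

// Hardened: hash_equals() (PHP >= 5.6) examines every byte regardless of where
// the first mismatch occurs, so elapsed time does not depend on the guess.
// Argument order matters: the known secret first, the user-controlled value second.
function checkWatchlistTokenSafe(string $supplied, string $stored): bool
{
    return hash_equals($stored, $supplied);
}

// Fallback for PHP before 5.6: XOR every byte pair and OR the results together,
// so the loop always runs to the end and only the final accumulator is tested.
// Returning early on a length mismatch is acceptable here because token length
// is fixed and public, so it reveals nothing about the token's content.
function constantTimeEquals(string $known, string $user): bool
{
    $len = strlen($known);
    if ($len !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < $len; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

// Constructed sample input (assumption: a hex-encoded 32-byte watchlist token).
$stored = bin2hex(random_bytes(32));
// A partially correct guess: first 8 hex digits right, the rest wrong.
$guess = substr($stored, 0, 8) . str_repeat('0', strlen($stored) - 8);

var_dump(checkWatchlistTokenVulnerable($guess, $stored));
var_dump(checkWatchlistTokenSafe($guess, $stored));
var_dump(checkWatchlistTokenSafe($stored, $stored));
var_dump(constantTimeEquals($stored, $guess));
var_dump(constantTimeEquals($stored, $stored));
```

All three functions return the same boolean results; the difference is only in how long the false cases take, which is exactly what an attacker measures. Use hash_equals() wherever it is available and reserve the manual loop for legacy interpreters.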
Remediation
Upgrade to MediaWiki 1.23.10, 1.24.3, or 1.25.2 (or a later release in the respective branch), the versions that address this issue. Where an upgrade cannot be applied immediately, regenerating affected users' watchlist tokens after the upgrade is a reasonable precaution, since a token guessed before the fix remains valid until it is reset.
References
Related Vulnerabilities
Oracle JRE CVE-2013-2425 Vulnerability (CVE-2013-2425)
Oracle JRE CVE-2013-0448 Vulnerability (CVE-2013-0448)
WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Security Bypass (1.12)
PostgreSQL Other Vulnerability (CVE-2006-5542)
Oracle Database Server CVE-2010-3590 Vulnerability (CVE-2010-3590)