Description

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.

Remediation

References

CVE-2015-6728

Related Vulnerabilities

Oracle JRE CVE-2013-2425 Vulnerability (CVE-2013-2425)

Oracle JRE CVE-2013-0448 Vulnerability (CVE-2013-0448)

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Security Bypass (1.12)

PostgreSQL Other Vulnerability (CVE-2006-5542)

Oracle Database Server CVE-2010-3590 Vulnerability (CVE-2010-3590)

Severity

High

Classification

CVE-2015-6728 CWE-352

Tags

Missing Update Known Vulnerabilities