Description

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

Remediation

References

CVE-2012-1581

Related Vulnerabilities

Oracle HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43818)

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-1945)

WebLogic CVE-2021-2108 Vulnerability (CVE-2021-2108)

WordPress Plugin WP Google Maps Cross-Site Scripting (7.11.34)

Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-2227)

Severity

Medium

Classification

CVE-2012-1581 CWE-264

Tags

Missing Update Known Vulnerabilities