Description
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
Remediation
References