Description

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.

Remediation

References

CVE-2020-35623

Related Vulnerabilities

WordPress 3.9.x Arbitrary File Deletion Vulnerability (3.9 - 3.9.24)

PHP Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2006-5178)

MySQL CVE-2020-14812 Vulnerability (CVE-2020-14812)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4303)

WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.3.2)

Severity

High

Classification

CVE-2020-35623 CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities