Description

MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.

Remediation

References

CVE-2012-1581

Related Vulnerabilities

Ruby Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2011-3624)

Internet Information Services Other Vulnerability (CVE-2001-0004)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31799)

Microsoft SQL Server Other Vulnerability (CVE-2002-0721)

PHP Other Vulnerability (CVE-2007-1583)

Severity

Medium

Classification

CVE-2012-1581 CWE-264

Tags

Missing Update Known Vulnerabilities