Description
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
Related Vulnerabilities
Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)
TYPO3 Other Vulnerability (CVE-2006-5069)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15735)
PHP Improper Input Validation Vulnerability (CVE-2010-3709)
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14882)