Description
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
Remediation
References
Related Vulnerabilities
WordPress Plugin Snazzy Maps Multiple Cross-Site Scripting Vulnerabilities (1.1.3)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2080)
Oracle Database Server Improper Input Validation Vulnerability (CVE-2018-1000873)
WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (4.9.33)