Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability - CVE-2014-2243 - Vulnerability Database
MediaWiki

MediaWiki Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability - CVE-2014-2243

Medium
Reference: CVE-2014-2243
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-2243
Title: MediaWiki Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability
Overview:

includes/User.php in MediaWiki before 1.19.12 1.20.x and 1.21.x before 1.21.6 and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.