Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Improper Authentication Vulnerability - CVE-2011-1766 - Vulnerability Database
MediaWiki

MediaWiki Improper Authentication Vulnerability - CVE-2011-1766

Medium
Reference: CVE-2011-1766
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-1766
Title: MediaWiki Improper Authentication Vulnerability
Overview:

includes/User.php in MediaWiki before 1.16.5 when wgBlockDisablesLogin is enabled does not clear certain cached data after verification of an auth token fails which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies or by leveraging an unattended workstation.