Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
MediaWiki Improper Authentication Vulnerability - CVE-2013-4304 - Vulnerability Database
MediaWiki

MediaWiki Improper Authentication Vulnerability - CVE-2013-4304

High
Reference: CVE-2013-4304
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-4304
Title: MediaWiki Improper Authentication Vulnerability
Overview:

The CentralAuth extension for MediaWiki 1.19.x before 1.19.8 1.20.x before 1.20.7 and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in which allows remote attackers to bypass authentication without a password.