QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2665

Published: Apr 20, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.wikimedia.org/show_bug.cgi?id=62497

x_refsource_CONFIRM

[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf

mailing-list

x_refsource_MLIST

[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14

mailing-list

x_refsource_MLIST

[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf

mailing-list

x_refsource_MLIST

https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.