CVE-2020-15164 – in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into …

28 August 2020

Vuln ID: CVE-2020-15164

Published: 2020-08-28 17:15:11Z

Description: in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki.

This affects all users on any wiki using this extension.

Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.

Source: NVD.NIST.GOV

Date:

28 August 2020

Categorie(s):

NVD

Tag(s):

NVD

[FREE EBOOKS] Cyber Security and Network Security, Build Your Own Programming Language – Second Edition & Four More Best Selling Titles18 May 2024
US Official Warns a Cell Network Flaw Is Being Exploited for Spying18 May 2024
How two brothers allegedly swiped $25M in a 12-second Ethereum heist18 May 2024
Leveling the cybersecurity playing field18 May 2024
Automated pentesting in the cloud18 May 2024