9.3
CVE-2012-4381
- EPSS 4.06%
- Veröffentlicht 08.02.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 01:42:46
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.06% | 0.894 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
http://www.openwall.com/lists/oss-security/2012/08/31/10
http://www.openwall.com/lists/oss-security/2012/08/31/6
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330
https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html
http://osvdb.org/show/osvdb/85106
https://bugzilla.redhat.com/show_bug.cgi?id=853442
https://phabricator.wikimedia.org/T41184