 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2013-2032 |
| Description: | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-2032 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html http://security.gentoo.org/glsa/glsa-201310-21.xml http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html http://secunia.com/advisories/55433 |