
MediaWiki Password Reset Cross-site Request Forgery Vulnerability



The remote web server is running a PHP application that is affected by a cross-site request forgery vulnerability.


In versions older than 1.22.5, 1.21.8, and 1.19.14, MediaWiki contains a flaw in Special:ChangePassword due to its implementation of the password reset action. An attacker could leverage the lack of explicit confirmation, unique tokens, or a multi-step process to induce a victim to reset their password via a specially crafted link.


Upgrade to MediaWiki version 1.22.5, 1.21.8, or 1.19.14, or later.
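
A version check against the fixed releases named above, for auditing an inventory of your own wikis. This is an added example, not part of the original advisory or of MediaWiki. The function names and the sample page are constructed, and treating a branch with no listed fix (such as 1.20) as affected when it is older than 1.22 is an assumption.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(1, 19): 14, (1, 21): 8, (1, 22): 5}

# MediaWiki reports its version in the page's generator meta tag.
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="MediaWiki\s+([^"]+)"', re.I)


def version_from_html(html):
    """Return the version string from a page's generator tag, or None."""
    m = GENERATOR_RE.search(html)
    return m.group(1).strip() if m else None


def parse_version(text):
    """Return (major, minor, patch, is_prerelease) for a version string."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(.*)$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    # A missing patch level ("1.22") is read as 0, the conservative choice.
    patch = int(m.group(3)) if m.group(3) is not None else 0
    # Suffixes such as "-rc.1", "alpha" or "wmf3" mark a pre-release build.
    suffix = m.group(4).strip()
    prerelease = bool(re.match(r"^[-.]?(alpha|beta|rc|wmf)", suffix, re.I))
    return major, minor, patch, prerelease


def is_affected(version):
    """True if the version predates the fixed release for its branch."""
    major, minor, patch, prerelease = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        fixed_patch = FIXED[branch]
        # A pre-release of the fixed version is not the fixed version.
        return patch < fixed_patch or (patch == fixed_patch and prerelease)
    # Assumption: branches with no listed fix are affected if older than
    # the newest fixed branch (1.22); newer branches count as "or later".
    return branch < max(FIXED)


if __name__ == "__main__":
    # Constructed sample page, not captured from a real site.
    sample = '<head><meta name="generator" content="MediaWiki 1.21.7"/></head>'
    found = version_from_html(sample)
    print(found, "affected" if is_affected(found) else "not affected")
```
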