Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2015-8623

Disclosure Date: March 23, 2017 (last updated October 05, 2023)
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2015-8624

Disclosure Date: March 23, 2017 (last updated October 05, 2023)
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0