Rapid7 Vulnerability & Exploit Database

MediaWiki: Credentials Management (CVE-2015-8009)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 07/25/2017
Created: 10/26/2019
Added: 10/23/2019
Modified: 10/23/2019

Description

The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials.

Solution(s)

  • mediawiki-upgrade-latest
