SecuritySpace - CVE-2014-2665

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-2665

Description: includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.

Test IDs: 1.3.6.1.4.1.25623.1.0.702891 1.3.6.1.4.1.25623.1.1.10.2014.0157

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-2665
http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html
http://openwall.com/lists/oss-security/2014/03/28/1
http://openwall.com/lists/oss-security/2014/04/01/7

CVE ID:	CVE-2014-2665
Description:	includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.
Test IDs:	1.3.6.1.4.1.25623.1.0.702891 1.3.6.1.4.1.25623.1.1.10.2014.0157
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2665 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html http://openwall.com/lists/oss-security/2014/03/28/1 http://openwall.com/lists/oss-security/2014/04/01/7