An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-21T22:37:15
Updated: 2024-08-04T17:09:14.084Z
Reserved: 2020-12-21T00:00:00
Link: CVE-2020-35623
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-21T23:15:12.437
Modified: 2024-11-21T05:27:43.167
Link: CVE-2020-35623
Redhat
No data.