An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-21T22:37:15

Updated: 2024-08-04T17:09:14.084Z

Reserved: 2020-12-21T00:00:00

Link: CVE-2020-35623

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-21T23:15:12.437

Modified: 2024-11-21T05:27:43.167

Link: CVE-2020-35623

cve-icon Redhat

No data.