The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/21/8 | Mailing List Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2015/12/23/7 | Mailing List Patch Third Party Advisory |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html | Patch Release Notes Vendor Advisory |
| https://phabricator.wikimedia.org/T115522 | Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2015/12/21/8 | Mailing List Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2015/12/23/7 | Mailing List Patch Third Party Advisory |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html | Patch Release Notes Vendor Advisory |
| https://phabricator.wikimedia.org/T115522 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-03-23 20:59
Updated : 2025-04-20 01:37
NVD link : CVE-2015-8626
Mitre link : CVE-2015-8626
CVE.ORG link : CVE-2015-8626
JSON object : View
Products Affected
mediawiki
- mediawiki
CWE
CWE-255
Credentials Management Errors