N/A

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.

N/A

N/A

MediaWiki 安全漏洞

MediaWiki是美国MediaWiki（维基媒体）基金会的一套自由免费的基于网络的Wiki引擎。该产品可用于部署内部的知识管理和内容管理系统。 MediaWiki 1.35.1版本及之前版本存在安全漏洞，该漏洞源于CasAuth扩展不正确的用户名验证，它允许对给定用户名中的某些字符进行微不足道的操作来模拟用户。

N/A

N/A