CVE-2020-35623

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/CWRUChielLab/CASAuth/pull/11	Patch Third Party Advisory
https://phabricator.wikimedia.org/T263498	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-21 23:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-35623

Mitre link : CVE-2020-35623

CVE.ORG link : CVE-2020-35623

JSON object : View

Products Affected

mediawiki

mediawiki

CWE

CWE-20

Improper Input Validation

CWE-706

Use of Incorrectly-Resolved Name or Reference

{"id": "CVE-2020-35623", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-12-21T23:15:12.437", "references": [{"url": "https://github.com/CWRUChielLab/CASAuth/pull/11", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://phabricator.wikimedia.org/T263498", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-706"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la extensi\u00f3n CasAuth para MediaWiki versiones hasta 1.35.1. Debido a una comprobaci\u00f3n inapropiada del nombre de usuario, permiti\u00f3 la suplantaci\u00f3n del usuario con manipulaciones triviales de determinados caracteres dentro de un nombre de usuario determinado. Un usuario com\u00fan es capaz de iniciar sesi\u00f3n como un \"bureaucrat user\" que presenta un nombre de usuario similar, como es demostrado por los nombres de usuario que solo difieren en (1) s\u00edmbolos de anulaci\u00f3n bidireccionales o (2) espacios en blanco"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC439F7D-8255-455F-A22C-2A6B655392D7", "versionEndIncluding": "1.35.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}