{"containers": {"cna": {"affected": [{"product": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2", "vendor": "n/a", "versions": [{"status": "affected", "version": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."}], "problemTypes": [{"descriptions": [{"description": "information leak because of response discrepancy", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-16T10:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "1039812", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039812"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"}, {"name": "DSA-4036", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-4036"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2017-8810", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2", "version": {"version_data": [{"version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information leak because of response discrepancy"}]}]}, "references": {"reference_data": [{"name": "1039812", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039812"}, {"name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html", "refsource": "CONFIRM", "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"}, {"name": "DSA-4036", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4036"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:48:22.197Z"}, "title": "CVE Program Container", "references": [{"name": "1039812", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039812"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"}, {"name": "DSA-4036", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-4036"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-8810", "datePublished": "2017-11-15T08:00:00", "dateReserved": "2017-05-07T00:00:00", "dateUpdated": "2024-08-05T16:48:22.197Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "2825F885-DD77-4822-B659-D5AFB56C6B17", "versionEndIncluding": "1.27.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "70CAB8A9-39D5-41F4-800C-79E4FE57B12D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "A060BA59-05C8-4646-97D7-4F382B4EBCC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "E67B837B-D085-4EE4-9556-D25BFA9BC108", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "CFA5659C-9DEA-494E-BB32-E6573E180C26", "vulnerable": true}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.29.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A457BE6-9F2F-45C9-A650-46F7E4B77E20", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."}, {"lang": "es", "value": "MediaWiki en versiones anteriores a la 1.27.4; las versiones 1.28.x anteriores a la 1.28.3 y las versiones 1.29.x anteriores a la 1.29.2, cuando se ha configurado una wiki privada, proporciona diferentes mensajes de error para intentos de inicio de sesi\u00f3n fallidos dependiendo de si existe el nombre de usuario. Esto permite que atacantes remotos enumeren nombres de cuentas y lleven a cabo ataques de fuerza bruta mediante una serie de peticiones."}], "id": "CVE-2017-8810", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-15T08:29:00.673", "references": [{"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039812"}, {"source": "security@debian.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-4036"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}