CVE-2020-35623 - OpenCVE

An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a "bureaucrat user" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediawiki	Mediawiki

Configuration 1 [-]

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/CWRUChielLab/CASAuth/pull/11
https://phabricator.wikimedia.org/T263498

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-21T22:37:15

Updated: 2024-08-04T17:09:14.084Z

Reserved: 2020-12-21T00:00:00

Link: CVE-2020-35623

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-21T23:15:12.437

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-35623

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-21T22:37:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://phabricator.wikimedia.org/T263498"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35623", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://phabricator.wikimedia.org/T263498", "refsource": "MISC", "url": "https://phabricator.wikimedia.org/T263498"}, {"name": "https://github.com/CWRUChielLab/CASAuth/pull/11", "refsource": "MISC", "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:09:14.084Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://phabricator.wikimedia.org/T263498"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35623", "datePublished": "2020-12-21T22:37:15", "dateReserved": "2020-12-21T00:00:00", "dateUpdated": "2024-08-04T17:09:14.084Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC439F7D-8255-455F-A22C-2A6B655392D7", "versionEndIncluding": "1.35.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a \"bureaucrat user\" who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la extensi\u00f3n CasAuth para MediaWiki versiones hasta 1.35.1. Debido a una comprobaci\u00f3n inapropiada del nombre de usuario, permiti\u00f3 la suplantaci\u00f3n del usuario con manipulaciones triviales de determinados caracteres dentro de un nombre de usuario determinado. Un usuario com\u00fan es capaz de iniciar sesi\u00f3n como un \"bureaucrat user\" que presenta un nombre de usuario similar, como es demostrado por los nombres de usuario que solo difieren en (1) s\u00edmbolos de anulaci\u00f3n bidireccionales o (2) espacios en blanco"}], "id": "CVE-2020-35623", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-21T23:15:12.437", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/CWRUChielLab/CASAuth/pull/11"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://phabricator.wikimedia.org/T263498"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-706"}], "source": "nvd@nist.gov", "type": "Primary"}]}