PROBLEM:
A vulnerability has been reported in the CentralAuth extension for MediaWiki, which can be exploited by malicious people to bypass certain security restrictions.
PLATFORM:
MediaWiki CentralAuth Extension
ABSTRACT:
A vulnerability has been reported in the CentralAuth extension for MediaWik
REFERENCE LINKS:
Secunia Advisory SA54723
IMPACT ASSESSMENT:
Medium
DISCUSSION:
The vulnerability is caused due to an error when handling auto-logins and can be exploited to bypass the authentication mechanism by providing a valid username within the "centralauth_User" cookie.
IMPACT:
Security Bypass
SOLUTION:
Update to a fixed version.