VDB
CVE-2017-8810
CVE-2017-8810
PUBLISHED
CVSS 5 MEDIUM
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
EPSS 0.96% · 76.9th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.96%
76.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mediawiki | mediawiki | 0, 1.29.0, 1.29.1 |
| n/a | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 |
| debian | debian_linux | 9.0 |
Timeline
- Nov 15, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score