CVE-2017-8810

Priority
Description
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2,
when a private wiki is configured, provides different error messages for
failed login attempts depending on whether the username exists, which
allows remote attackers to enumerate account names and conduct brute-force
attacks via a series of requests.
Notes
Package
Upstream:released (1:1.27.4-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.27.4-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (1.27.4-1)
More Information

Updated: 2020-01-29 20:00:29 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)