{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T09:17:51.964","vulnerabilities":[{"cve":{"id":"CVE-2012-4381","sourceIdentifier":"secalert@redhat.com","published":"2020-02-08T18:15:11.243","lastModified":"2024-11-21T01:42:46.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors."},{"lang":"es","value":"MediaWiki versiones anteriores a 1.18.5 y versiones 1.19.x anteriores a 1.19.2, guardan las contraseñas en la base de datos local, (1) lo que podría facilitar a atacantes dependiendo del contexto obtener contraseñas de texto sin cifrar por medio de un ataque de fuerza bruta o, (2) cuando un plugin de autenticación devuelve un falso en la función strict, podría permitir a atacantes remotos utilizar contraseñas antiguas para cuentas no existentes en un sistema de autenticación externo por medio de vectores no especificados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18.5","matchCriteriaId":"84B14B98-4263-457B-B6AF-3F766621A803"},{"vulnerable":true,"criteria":"cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.19.2","matchCriteriaId":"94005844-01F9-4B1B-9306-463C0C602067"}]}]}],"references":[{"url":"http://osvdb.org/show/osvdb/85106","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"http://www.openwall.com/lists/oss-security/2012/08/31/10","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2012/08/31/6","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=853442","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html","source":"secalert@redhat.com","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://phabricator.wikimedia.org/T41184","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://osvdb.org/show/osvdb/85106","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://www.openwall.com/lists/oss-security/2012/08/31/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2012/08/31/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=853442","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://phabricator.wikimedia.org/T41184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}