CVE-2012-1581
EPSS 0.54%
Description
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
How to fix CVE-2012-1581
To remediate CVE-2012-1581, upgrade the affected package to a fixed version below.
- Debian/mediawiki: upgrade to 1:1.15.5-9 or later
Is CVE-2012-1581 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/mediawiki: from 0, < 1:1.15.5-9