• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MoinMoin Group Name Privilege Escalation Vulnerability

It is reported that MoinMoin contains a privilege escalation vulnerability whereby regular users can gain administrative privileges.

MoinMoin allows remote web clients to create their own user accounts without administrative intervention or approval. It is reported that if a user creates an account with the same name as an administrative group, the user will inherit the privileges of that same administrative group.

An attacker would use this vulnerability to gain complete access to the MoinMoin Wiki, and could gain access to sensitive information, or destroy information.

Versions before 1.2.2 are reported vulnerable.