Despite being obsolete, many admins cling to the vulnerable solution

Jun 13, 2014 11:45 GMT

A blogging tool popular in Japan is currently targeted by cybercriminals through vulnerabilities that allow the attacker access to authentication credentials.

Web Diary Professional (WDP) is Japan's equivalent of WordPress. Although its development has been terminated and a more secure successor exists, many administrators are still running older versions that are exposed to attacks.

Through a simple search on Google, using certain keywords for refined results, researchers at Kaspersky found that as of April 2014 there were about 500,000 websites running on the WDP platform.

Further investigation revealed that around 80% of them shared an issue that permitted outside users to view a file containing account information, including a hash of the administrator’s authentication password, the user account and its permissions.

With stronger passwords, cracking the hashes would take an attacker too much time, which would discourage the attempt. However, many users still have simple passwords that can be easily recovered with a cracking tool.

An experiment run by the security researcher in a test environment showed that more than 26% of the password hashes were cracked in about three hours.

A compromised account of this kind practically allows a cybercriminal to make changes at will that affect the website’s users. Spamming them or luring them to a malicious page that serves malware are common practices.

Kaspersky noticed in one case that multiple WDP-based websites were hosted on the same server. One of the sites was infected with a backdoor. Thus, the risk of infection extends to other websites on the server.