Softpedia
 


August 11th, 2009, 09:55 GMT · By Catalin Cimpanu

WordPress 2.8.3 Password Reset Vulnerability

After the release of the new 2.8.3 security update, WordPress faces a dangerous vulnerability that can lock blog owners out of their admin accounts. Using the online password reset function, hackers can remotely reset the admin password.

This issue was first reported by Laurent Gaffie on August 11 in a mailing list for Grok. WordPress developers have already been informed and a solution was incorporated in a development version of WordPress.

In a standard situation, a user who needs to recover their password first requests it via the “Reset password” link. The user then receives, at the registered email account, a message containing a verification link which, when clicked, deletes the old password and replaces it with a new one. This new password is also sent to the user's registered email.

By passing an array as the $key value inside the wp-login.php module, the script can be forced to reset the admin password. This hack skips the email verification step, and so the attack is invisible to the blog's owner. All these actions can be done from a simple browser window.

This vulnerability can be used solely to reset the administrator password, not to remotely break into and access the blog platform. It can only be used to lock administrators out of their blog.

The changeset introduced by WordPress in the development version prevents any kind of array from being passed as the $key variable value in wp-login.php.

The line

CODE
if ( empty( $key ) )


was updated with

CODE
if ( empty( $key ) || is_array( $key ) )
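
The difference between the two checks, shown as an added example that is not part of the original article or of WordPress itself. The function names and sample inputs are constructed, and guard_strict is an assumed stricter variant that goes beyond the changeset:

```php
<?php
// Added illustration; function names are hypothetical, not WordPress code.

// Check as it stood in 2.8.3: only "empty" values are rejected.
function guard_before($key) {
    return !empty($key);            // true = key is allowed to proceed
}

// Check after the changeset quoted above: arrays are rejected as well.
function guard_after($key) {
    return !(empty($key) || is_array($key));
}

// Stricter variant (assumption, not from the changeset): accept only a
// non-empty alphanumeric string and reject every other type or character.
function guard_strict($key) {
    return is_string($key) && preg_match('/^[a-z0-9]+$/i', $key) === 1;
}

// Constructed sample values, typed the way PHP builds request parameters.
$samples = array(
    'valid string'        => 'Ab3dEf9hIjK1',
    'empty string'        => '',
    'missing (null)'      => null,
    'empty array'         => array(),
    'array, empty string' => array(''),
    'array, string'       => array('Ab3dEf9hIjK1'),
);

printf("%-22s %-8s %-8s %-8s\n", 'input', 'before', 'after', 'strict');
foreach ($samples as $label => $key) {
    printf("%-22s %-8s %-8s %-8s\n", $label,
        guard_before($key) ? 'pass' : 'reject',
        guard_after($key)  ? 'pass' : 'reject',
        guard_strict($key) ? 'pass' : 'reject');
}
```

An array holding one element is not "empty" in PHP even when that element is an empty string, so the last two rows pass the original check and are rejected by the other two.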


For owners who have already been locked out of their accounts, WordPress has recommended using the “Emergency Password Reset Script.” Administrators using this script need to know their admin account name (if different from standard) and have to upload the script to the same directory as the wp-login.php module. More instructions can be found on the official WordPress “Resetting Your Password” page.

Editor's Note: A day after the problem was reported, WordPress released version 2.8.4, which fixes this security glitch.

