Open Source News » Slashdot: IT » WordPress Exploit Allows Admin Password Reset

Feeds

34694 items (30181 unread) in 5 feeds

OpenSource (5762 unread)

• SourceForge.net: Front page news (802 unread)
• Slashdot: IT (4960 unread)

Security (11351 unread)

• Digg / Security (11351 unread)

Linux (13068 unread)

• digg / Linux/Unix (11408 unread)
• Slashdot: Linux (1660 unread)

Slashdot: IT

• 

  WordPress Exploit Allows Admin Password Reset

  Posted: August 12th, 2009, 5:04pm CEST by Soulskill

  Tags:  security  

  Multiple readers have sent word of a vulnerability in WordPress 2.8.3 which allows anyone to lock an admin out of his or her account by resetting the password. "The bug ... is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required." An alert on the Full Disclosure mailing list detailed the vulnerability, and WordPress quickly rolled out version 2.8.4 to address the issue.

  Read more of this story at Slashdot.