[ insider_reports_insider ]
WordPress Password Problem Crops Up
Doug Caverly
Staff Writer
2009-08-12
 Insider Reports RSS Feed
People who use version 2.8.3 of the WordPress blogging software may want to download an update posthaste. A vulnerability's been discovered that, while it won't let other folks take over accounts, will allow troublemakers to lock out administrators.
 | | WordPress Password Problem Crops Up |  |
Laurent Gaffié gets credit for uncovering the problem, and according to a warning published on Full Disclosure, this hack isn't the domain of shadowy professionals and government agents. About all that's needed in order to pull it off is a Web browser and one special URL.
Then, it's possible to mess with the WordPress password reset function, resetting passwords without the admin ever getting any notice of the action.
You can imagine how this would prove problematic if an administrator couldn't figure out what was going on. And even if an admin did catch on, a prankster could probably manage to repeat the performance over and over, creating a real headache or even permanent roadblock.
Luckily, version 2.8.4 of WordPress has been made available in response, and it addresses the issue. So get to downloading the update as soon as seems convenient for the sake of not getting locked out of your blog.
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
