Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



WordPress fixes password reset security flaw

From the 'scary security flaws' files:

Imagine this scenario: an attacker visits your blog, inputs an array in the HTTP address header and PRESTO, your admin password is automatically reset, locking the real admin out of their own site.

A vulnerability fixed by the open source WordPress blog software today isn't quite that scary, but it's close.

"Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset," WordPress states in an advisory. "As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn't allow remote access, but it is very annoying."

WordPress has a free online hosted blogging service, where the site software is automatically updated. Then there are the thousands of users who have installed WordPress on their own sites; those are the ones who need to update on their own, and soon.
