« Mac OS X v10.5.8 Update | Main | Bypassing OWASP ESAPI XSS Protection inside Javascript »

Wordpress Admin Password Reset Vulnerability

"Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner." - Wordpress.org

User's are urged to upgrade to 2.8.4 immediately. Additional details can be found below.

Vendor Blog: http://wordpress.org/development/2009/08/2-8-4-security-release/
Dshield: http://isc.sans.org/diary.html?storyid=6934
Vulnerability Details: http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070137.html
Commentary: http://www.darknet.org.uk/2009/08/wordpress-2-8-3-admin-reset-exploit/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

is this problem resolved or not ?