The Church Media Community
Equipping You to Communicate Effectively
#1 (permalink)
Tuesday, August 11th, 2009, 11:26 AM
greg4god
WordPress: Security Alert

http://blogs.zdnet.com/security/?p=4002
Quote:
Researchers are sounding the alarm for a serious administrator password-reset vulnerability affecting the latest version of WordPress, the popular open-source blog publishing platform.

The flaw, which can be exploited via the browser, gives an attacker a trivial way to compromise the admin account of any WordPress or WordPress MU (multiple user) installation.
see http://seclists.org/fulldisclosure/2009/Aug/0113.html for details of it.

IMO, until there is a fix for this, prevent that code from executing in that section, see the second link above for location of code:
Code:
case 'resetpass':
case 'rp':
    // Temporary workaround: stop here so the password-reset handler below never runs.
    die('Due to technical issues with WordPress, please contact the administrator to reset your password.');

    // ... (the code that is normally in here) ...

    break;
-Greg
#2 (permalink)
Tuesday, August 11th, 2009, 11:59 AM
waynehoskins
Thanks for the heads up! I just implemented your patch.
#3 (permalink)
Tuesday, August 11th, 2009, 12:21 PM
greg4god
Not sure how final this is, but here's a fix that may do it:

http://core.trac.wordpress.org/changeset/11798
#4 (permalink)
Tuesday, August 11th, 2009, 07:52 PM
Greg, thanks for the heads up!

Quote:
Originally Posted by greg4god
Not sure how final this is, but here's a fix that may do it:

I implemented the fix on one site, then upgraded the other from 2.7x to 2.83 and applied the fix. In the meantime, WordPress has released 2.84.

Bill
All times are GMT -6.

   
 