Archive for September, 2008

4

WordPress 2.6.1 Weak Entropy Vulnerability

Posted by DK
September 11, 2008

iso^kpsbr has discovered a vulnerability that may allow an external attacker to gain admin access to WordPress 2.6.1.

WordPress is prone to a weakness in the entropy of generated passwords. Successfully exploiting this issue may allow an attacker to guess randomly generated passwords. WordPress 2.6.1 is vulnerable; other versions may also be affected.

The original advisory and [...]