WordPress 2.5 Cookie Integrity Protection Vulnerability
Steven J. Murdoch has discovered a vulnerability in WordPress 2.5 that may allow a registered user to gain admin-level access on the blog. Only WP 2.5 blogs that permit users to register user accounts are vulnerable.
According to Steven:
This vulnerability exists because it is possible to modify
authentication cookies without invalidating the cryptographic
integrity protection.

If a WordPress blog is configured to freely permit account creation,
a remote attacker can gain WordPress-administrator access and then
elevate this to arbitrary code execution as the web server user.
The fix is fairly straightforward, and WordPress has released it in WordPress 2.5.1.
Please note that this vulnerability is different from the one described at http://blogsecurity.net/wordpress/wordpress-25-secret_key-vulnerability/
Steven’s advisory is available here.
Comments
[...] fixed, two fairly critical security issues were fixed. A Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection Vulnerability, discovered by Steven J. [...]
[WordPress] WP 2.5 vulnerable…
Before the update to WP 2.5.1 there was talk of an exploit, which was not described in any detail.
Now, after the 2.5.1 release, light is shed on the matter: by modifying the cookie, ordinary users can sneak admin rights on the blog…
[...] Blog Security reported on the WordPress 2.5 security issues recently, including the ones that led to the quick release of WordPress 2.5.1. [...]




Thanks to Phil for bringing this to my attention. Nasty!