Steven J. Murdoch has discovered a vulnerability in WordPress 2.5 that may allow a registered user to gain admin-level access on the blog. Only WP 2.5 blogs that permit users to register user accounts are vulnerable.
According to Steven:
This vulnerability exists because it is possible to modify
authentication cookies without invalidating the cryptographic
integrity protection.
If a Wordpress blog is configured to freely permit account creation,
a remote attacker can gain Wordpress-administrator access and then
elevate this to arbitrary code execution as the web server user.
The fix is fairly straightforward, and WordPress has released it in WordPress 2.5.1.
Please note that this vulnerability is different from the one described at http://blogsecurity.net/wordpress/wordpress-25-secret_key-vulnerability/
Steven’s Advisory is available here.
Thanks to Phil for bringing this to my attention. Nasty!
[…] fixed, two fairly critical security issues were fixed. A Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection Vulnerability, discovered by Steven J. […]
[WordPress] WP 2.5 vulnerable…
Before the update to WP 2.5.1 there was talk of an exploit, which was not described in any detail.
Now, after the 2.5.1 release, light is being shed on the matter: by modifying the cookie, normal users can obtain admin rights on the blog…
Automattic, wtf you’re doing there?!
[…] Blog Security reported on the WordPress 2.5 security issues recently, including the ones that led to the quick release of WordPress 2.5.1. […]