Filed Under (Advisories, WordPress) by DK on 11 September 2008

iso^kpsbr has discovered a vulnerability that may allow an external attacker to gain admin access to WordPress 2.6.1.

WordPress is prone to a weakness in the entropy of generated passwords. Successfully exploiting this issue may allow an attacker to guess randomly generated passwords. WordPress 2.6.1 is vulnerable; other versions may also be affected.

The original advisory and proof-of-concept exploit are available on SecurityFocus.

Comments

Joseph Scott on 11 September, 2008 at 3:47 pm #

It’s important to note that this is a general PHP issue, not something that is specific or unique to WordPress:

http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/


dt on 11 September, 2008 at 5:08 pm #

It’s not about entropy; it’s just an exploit for the “SQL Column Truncation” bug that was fixed in the latest WordPress version (2.6.2). See http://wordpress.org/development/2008/09/wordpress-262/


MustLive on 12 September, 2008 at 2:27 am #

DK

It’s worth mentioning that in the case of this vulnerability (in both the SQL Column Truncation exploit and the Admin Takeover exploit) only sites with open registration are affected. So any WP site with open registration is at risk and needs to be updated to the new version of WordPress.


Jim on 7 October, 2008 at 3:43 pm #

I don’t see why people have open registration on their WordPress blogs anyway. You can install a captcha to keep away the comment spammers.

