Fix your WordPress 2.8.3 NOW!

Posted on 08/11/09, in Tech, by Mike

It appears that an input validation vulnerability is present in wp-login.php, the file WordPress 2.8.x uses to validate logins and reset passwords. An attacker can bypass validation of the emailed password change link by submitting crafted input to the password reset function in wp-login.php, as described here. The fix is at the bottom of the article; it involves changing one line of wp-login.php.

I say all this as I just had my password reset through an anonymous proxy, so it appears there is an automated attack taking place – fix your WordPress today, I just fixed mine!
