Are you running a WordPress Blog? Update it today

Wednesday, August 12, 2009

Infosec Island Admin

7fef78c47060974e0b8392e305f0daf0

Another security release for Wordpress was released yesterday (version 2.8.4) which patches a rather annoying security flaw discovered with all prior versions. By sending a specially crafted URL as an unauthenticated user to your WP blog, and attacker can essential reset your admin password and lock you out of your blog.

The attack is as simple as:

http://www.domain.com/wp-login.php?action=rp&key[]=
 

And *BOOM* your out. 

The good news is if you are running a fairly recent version of WP, you can upgrade automatically in your WP admin panel, but clicking the "Upgrade Now" prompt...takes all of 5 seconds. 

Possibly Related Articles:
11388
Vulnerabilities
Hacks HTTP Security
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.