Search your fish :
    Home | Archives | Disclaimer | About Me | Contact Me
  
« Methods used for cookie stuffing
Google Ad Review Center gone Live »

Security Flaws in Wordpress 2.5.0 - Upgrade now

Posted on Saturday, April 26th, 2008 under Internet Security

Wordpress is simply amazing and I am loving it. I have never used any other blogging script, but this seems to be perfect for a part time blogger like me. Now the wordpress 2.5.1 has been released and available for download.

You may download wordpress 2.5.1 here

It has been published on the WordPress site that there is a serious vulnerability on the Wordpress 2.5.0 version, so everyone MUST upgrade to 2.5.1 I was just wondering what was the vulnerability that the WP is recommending everyone to upgrade to the latest version.

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

Finally I found that the WP 2.5.0 has a vulnerability in its registration system where an attacker can register with a specific username and generate cookies for any other chosen account, for example “admin”. Once he generates the cookies, he gets Admin privileges and can do whatever he wants. Its quite dangerous, so my suggestion to all the readers would be upgrade your Wordpress now to the latest version that claims to have fixed 70 bugs in previous version.

An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts.

This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.

If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user.

Check this out for references
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-integrity.txt



Article Popularity : 53%


If you like this article, please share : These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • Furl
  • Spurl
  • StumbleUpon
  • TwitThis
  • co.mments
  • Propeller
  • Reddit
  • Technorati

Random Posts

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 4.33 out of 5)
Loading ... Loading ...
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Security Flaws in Wordpress 2.5.0 - Upgrade now

Leave a Reply