[wp-hackers] Security: Oracle and WordPress

David Chait davebytes at comcast.net
Thu Jun 22 19:10:44 GMT 2006


I believe it requires the wp caching be enabled (which is now off by default 
if I recall correctly, and frankly it should be ripped out, only ever put 
back in by a knowledgeable sysadmin!), plus a specific comment-subscription 
plugin.

That said, it's a good read on hash vulnerabilities, and the problems of 
multiple 'people' using the same hashes opening up potential security holes. 
Thus always add something unique to your hash. ;)

-d

----- Original Message ----- 
From: "Roy Schestowitz" <r at schestowitz.com>
To: "WP-Hackers" <wp-hackers at lists.automattic.com>
Sent: Thursday, June 22, 2006 2:27 PM
Subject: [wp-hackers] Security: Oracle and WordPress


| The following has just cropped up in the Topix Computer Science feed (6
| hours ago). I thought I'd share it, just in case it needs to be addressed.
|
| Oracle attack on Wordpress
|
| ,----[ Quote ]
|| This post describes the second of two vulnerabilities I found in
|| Wordpress. The first, a XSS vulnerability, was described last week. While
|| the vulnerability discussed here is applicable in fewer cases than the
|| previous one, it is an example of a comparatively rare class, oracle
|| attacks, so I think merits further exposition.
| `----
|
| http://www.lightbluetouchpaper.org/2006/06/22/oracle-attack-on-wordpress/
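An added illustration of the advice in the reply above to add something unique to each hash; it is not code from this thread, from WordPress, or from any plugin. The two features, their names and the secret are hypothetical, and HMAC-SHA256 stands in for whatever keyed hash a site uses.

```python
import hashlib
import hmac

SECRET = b"constructed-site-secret"  # constructed sample value


def shared_tag(data: str) -> str:
    """Weak pattern: one bare keyed hash reused by every feature."""
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()


def scoped_tag(purpose: str, data: str) -> str:
    """Hardened pattern: the purpose label is part of the hashed message."""
    # Length-prefix the label so ("ab", "c") and ("a", "bc") cannot collide.
    msg = len(purpose).to_bytes(2, "big") + purpose.encode() + data.encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


# Hypothetical feature A: verifies a session token for a user name.
def check_session_weak(user: str, token: str) -> bool:
    return hmac.compare_digest(shared_tag(user), token)


def check_session_scoped(user: str, token: str) -> bool:
    return hmac.compare_digest(scoped_tag("session", user), token)


# Hypothetical feature B: hands anyone a tag for a value they supply
# (for example, a confirmation link for a typed-in address).
def confirm_link_weak(value: str) -> str:
    return shared_tag(value)


def confirm_link_scoped(value: str) -> str:
    return scoped_tag("confirm", value)


def demo() -> dict:
    # Feature B's output for the string "admin" is tested against feature A.
    return {
        "weak_cross_accept": check_session_weak("admin", confirm_link_weak("admin")),
        "scoped_cross_accept": check_session_scoped("admin", confirm_link_scoped("admin")),
        "scoped_own_accept": check_session_scoped("admin", scoped_tag("session", "admin")),
    }


if __name__ == "__main__":
    print(demo())
```

With the shared hash, a tag issued by one feature verifies in the other; with a per-purpose label in the message, only the tag minted for that purpose verifies.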