[wp-trac] [WordPress Trac] #5838: Make Nonce Mismatch Fail Instead of AYS
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 13 16:17:01 GMT 2008
#5838: Make Nonce Mismatch Fail Instead of AYS
----------------------+-----------------------------------------------------
Reporter: filosofo | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5
Component: Security | Version: 2.3.3
Severity: normal | Keywords: nonce ays csrf css security has-patch
----------------------+-----------------------------------------------------
As the post [http://ferruh.mavituna.com/flawed-csrf-protections-oku/ here]
points out (I've duplicated his attack using my own 2.3.3 setup), you can
make a CSRF attack that tricks a WordPress user into changing the admin
password and emailing it to someone, by hiding all of the nonce
confirmation except the "yes" submit button.
When the nonce doesn't match, my patch lets you know that the action has
failed, and it provides a link back to the referring page so that you can
try again.
--
Ticket URL: <http://trac.wordpress.org/ticket/5838>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
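Added illustration of the two behaviours the ticket contrasts, written in PHP for this note and not taken from the reporter's patch or from WordPress itself: an "Are you sure?" interstitial that re-offers the action with a fresh nonce, beside a fail-closed check that only offers a link back. The HMAC nonce scheme, the `SECRET_KEY` constant and all function names are constructed stand-ins.

```php
<?php
// Added example, not the ticket's patch or WordPress code. The nonce scheme
// (HMAC over a 12-hour tick, the action and the user id) is a constructed
// stand-in for the real one.
const SECRET_KEY = 'constructed-server-secret';

function make_nonce(string $action, int $userId): string {
    $tick = intdiv(time(), 43200);
    return substr(hash_hmac('sha256', "$tick|$action|$userId", SECRET_KEY), 0, 12);
}

function verify_nonce(string $nonce, string $action, int $userId): bool {
    return hash_equals(make_nonce($action, $userId), $nonce);
}

// Weak pattern (what the ticket objects to): on mismatch, render a confirmation
// form that resubmits the original request together with a valid nonce. A page
// that frames this response and hides everything except the "Yes" button turns
// the confirmation step into a one-click CSRF.
function ays_on_mismatch(array $post, string $action, int $userId): string {
    $html = '<p>Are you sure you want to do this?</p><form method="post">';
    foreach ($post as $k => $v) {
        $html .= sprintf('<input type="hidden" name="%s" value="%s">',
            htmlspecialchars($k, ENT_QUOTES), htmlspecialchars((string) $v, ENT_QUOTES));
    }
    $html .= sprintf('<input type="hidden" name="_wpnonce" value="%s">',
        make_nonce($action, $userId));
    return $html . '<input type="submit" value="Yes"></form>';
}

// Hardened pattern (what the patch proposes): reject the request outright and
// offer only a plain link back to a same-origin referrer. Nothing on this page
// can be clicked to complete the original action, so hiding it in a frame
// gains an attacker nothing.
function fail_on_mismatch(?string $referer, string $ownHost): string {
    $back = '';
    if ($referer !== null && parse_url($referer, PHP_URL_HOST) === $ownHost) {
        $back = sprintf(' <a href="%s">Go back and try again.</a>',
            htmlspecialchars($referer, ENT_QUOTES));
    }
    return '<p>The request failed its security check.' . $back . '</p>';
}

// Request handler using the fail-closed variant; $post is the submitted form.
function handle(array $post, string $action, int $userId, ?string $referer, string $host): string {
    if (verify_nonce($post['_wpnonce'] ?? '', $action, $userId)) {
        return 'action performed';
    }
    return fail_on_mismatch($referer, $host);
}
```

The referrer check keeps the "try again" link from becoming an open redirect; the link is a plain GET back to the admin page, not a resubmission of the state-changing request.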