[wp-trac] [WordPress Trac] #21420: Login without salted MD5 Password

WordPress Trac wp-trac at lists.automattic.com
Mon Jul 30 14:23:57 UTC 2012


#21420: Login without salted MD5 Password
--------------------------+-----------------------
 Reporter:  shubhamoy     |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:
Component:  General       |     Version:  3.4.1
 Severity:  normal        |  Resolution:
 Keywords:  close         |
--------------------------+-----------------------

Comment (by shubhamoy):

 The point is that this feature is exploited and I've seen many clients'
 sites attacked badly by simply changing the database records.

 Sample Attack
 =============

 An attacker places a SymLink Attack on the server and reads the
 wp-config.php of a WordPress powered site. After that, he accesses the
 database, updates the wp_users table with a simple MD5 hashed password,
 logs into the admin panel and then takes over the website. Now the feature
 for the ease of users who forget their password gets exploited.

 So it's time that this hole gets patched, else sites will be attacked in
 the same fashion.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21420#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
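Added example (not part of the ticket, not the reporter's code and not WordPress core): the legacy branch of wp_check_password() accepts a bare 32-character MD5 digest in wp_users.user_pass for accounts created before WordPress 2.5 and rewrites it to the salted phpass format on the first successful login, so a row written that way disappears from the database as soon as it is used. The must-use plugin below, for a site that has no pre-2.5 accounts left, refuses such logins on the wp_authenticate_user filter (which runs after the user row is loaded but before wp_check_password() rehashes it), logs the event for incident response, and provides an audit function that lists every account whose hash is not in the expected format. The hook name, $wpdb->users, WP_User and WP_Error are core WordPress APIs; the md5guard_* function names, the log text, and the "$wp$" bcrypt prefix accepted for newer releases are this example's own assumptions. It only detects and blocks the symptom described in the comment; the attacker's write access to the database still has to be closed separately.

```php
<?php
/*
Plugin Name: Legacy MD5 Hash Guard (added example, not WordPress core)
Description: Refuses logins for accounts whose stored hash is a bare MD5
digest and lists such accounts for an audit. Drop into wp-content/mu-plugins/.
*/

/**
 * Classify a wp_users.user_pass value.
 * 'phpass' = the portable $P$/$H$ format wp_hash_password() writes,
 * 'bcrypt' = the $wp$-prefixed bcrypt hash of newer releases (assumption),
 * 'md5'    = 32 hex characters, the unsalted legacy format that
 *            wp_check_password() still accepts and upgrades on first login,
 * 'other'  = anything else (empty, truncated, unknown).
 */
function md5guard_classify( $user_pass ) {
	if ( preg_match( '/^\$[PH]\$/', $user_pass ) ) {
		return 'phpass';
	}
	if ( preg_match( '/^\$wp\$/', $user_pass ) ) {
		return 'bcrypt';
	}
	if ( preg_match( '/^[0-9a-f]{32}$/i', $user_pass ) ) {
		return 'md5';
	}
	return 'other';
}

/**
 * Runs inside wp_authenticate_username_password() after the user row is
 * loaded and before wp_check_password() is called, so $user->user_pass is
 * still the stored value. Hooking later (e.g. the check_password filter)
 * would miss the MD5 row, because core rehashes it during the check.
 */
function md5guard_refuse_legacy_login( $user, $password ) {
	if ( $user instanceof WP_User && 'md5' === md5guard_classify( $user->user_pass ) ) {
		// Leave a trail for incident response: on a site that never ran
		// pre-2.5 WordPress, a hash in this format was written straight
		// into the database rather than by wp_set_password().
		error_log( sprintf(
			'md5guard: refused login for user ID %d, user_pass is an unsalted MD5 digest',
			$user->ID
		) );
		return new WP_Error( 'md5guard_legacy_hash',
			'This account must reset its password before logging in.' );
	}
	return $user;
}
add_filter( 'wp_authenticate_user', 'md5guard_refuse_legacy_login', 10, 2 );

/**
 * Audit helper: returns array( ID => array( 'login' => ..., 'hash_type' => ... ) )
 * for every account whose hash is not phpass or bcrypt. Call it from a cron
 * job or from WP-CLI with: wp eval 'print_r( md5guard_audit() );'
 */
function md5guard_audit() {
	global $wpdb;
	$flagged = array();
	$rows    = $wpdb->get_results( "SELECT ID, user_login, user_pass FROM {$wpdb->users}" );
	foreach ( $rows as $row ) {
		$class = md5guard_classify( $row->user_pass );
		if ( 'phpass' !== $class && 'bcrypt' !== $class ) {
			$flagged[ (int) $row->ID ] = array(
				'login'     => $row->user_login,
				'hash_type' => $class,
			);
		}
	}
	return $flagged;
}
```

Running md5guard_audit() on a schedule and alerting on any non-empty result catches the direct database edit described in the comment before the attacker's first login; after that login the row would already carry a normal phpass hash and only the error_log line would remain as evidence.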

