[wp-trac] [WordPress Trac] #21420: Login without salted MD5 Password
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 30 14:23:57 UTC 2012
#21420: Login without salted MD5 Password
--------------------------+-----------------------
Reporter: shubhamoy | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 3.4.1
Severity: normal | Resolution:
Keywords: close |
--------------------------+-----------------------
Comment (by shubhamoy):
The point is that this feature is exploited and I've seen many clients'
sites that have been attacked badly by simply changing the database records.
Sample Attack
=============
An attacker places a SymLink Attack on the server and reads the
wp-config.php of a WordPress-powered site. After that, the attacker accesses
the database and updates the wp_users table with a simple MD5-hashed
password, logs into the admin panel, and then takes over the website. Now
the feature for the ease of a user who forgets the password gets exploited.
So it's time that this hole gets patched, else the sites will be attacked
in the same fashion.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21420#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac mailing list
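The behaviour the reporter describes is the legacy branch of WordPress's wp_check_password(): a stored user_pass of 32 characters or fewer is treated as an old unsalted MD5, compared against md5(password), and on success silently re-hashed with the salted scheme. The model below is an added example written for this page; it is not WordPress code and not part of the ticket. The salted scheme is a PBKDF2-SHA256 stand-in for WordPress's phpass hashes (an assumption), the hardened variant that rejects short hashes is one illustrative fix rather than anything WordPress shipped, and the wp_users rows are constructed. It replays the comment's scenario (a row overwritten with a bare MD5) against both checks and includes the audit a responder would run to find such rows.

```python
"""Model of WordPress's legacy unsalted-MD5 fallback and an audit for it.
Added example for this page; not WordPress code. The salted scheme is a
PBKDF2-SHA256 stand-in for phpass (assumption)."""
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 50_000  # illustrative work factor, not a WordPress value


def salted_hash(password):
    """Stand-in for the salted hash WordPress writes (assumption: PBKDF2)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$pbkdf2$" + salt.hex() + "$" + dk.hex()


def salted_verify(password, stored):
    """Verify against a '$pbkdf2$<salt>$<dk>' string; reject anything else."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[1] != "pbkdf2":
        return False
    salt, dk_hex = bytes.fromhex(parts[2]), parts[3]
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def wp_check_password_legacy(password, stored, user_row=None):
    """Mirrors the WordPress fallback: a hash of <= 32 chars is compared as
    unsalted MD5 and, if it matches, upgraded in place (wp_set_password)."""
    if len(stored) <= 32:
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
        ok = hmac.compare_digest(stored.encode("ascii", "replace"), candidate.encode("ascii"))
        if ok and user_row is not None:
            user_row["user_pass"] = salted_hash(password)  # the silent upgrade
        return ok
    return salted_verify(password, stored)


def wp_check_password_hardened(password, stored, user_row=None):
    """Illustrative fix: a bare MD5 can only have been written straight into
    the database, so refuse it instead of accepting and laundering it."""
    if len(stored) <= 32:
        return False
    return salted_verify(password, stored)


# Audit: rows whose user_pass is a bare 32-hex-digit MD5 (same regex works in SQL).
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")


def find_legacy_hashes(rows):
    """Return (ID, user_login) for every row still carrying an unsalted MD5."""
    return [(r["ID"], r["user_login"]) for r in rows if LEGACY_MD5.match(r["user_pass"])]


# Constructed wp_users rows: ID 2 has been overwritten the way the comment describes.
SAMPLE_USERS = [
    {"ID": 1, "user_login": "admin", "user_pass": salted_hash("correct horse")},
    {"ID": 2, "user_login": "editor", "user_pass": hashlib.md5(b"attacker123").hexdigest()},
]


def run_scenario():
    """Replay the attack. Returns (legacy_login_ok, hardened_login_ok,
    flagged_before_login, flagged_after_login)."""
    rows = [dict(r) for r in SAMPLE_USERS]  # work on copies
    flagged_before = find_legacy_hashes(rows)
    victim = rows[1]
    legacy_ok = wp_check_password_legacy("attacker123", victim["user_pass"], victim)
    hardened_ok = wp_check_password_hardened("attacker123", SAMPLE_USERS[1]["user_pass"])
    flagged_after = find_legacy_hashes(rows)
    return legacy_ok, hardened_ok, flagged_before, flagged_after


if __name__ == "__main__":
    legacy_ok, hardened_ok, before, after = run_scenario()
    print("legacy check accepts the planted MD5 row:", legacy_ok)
    print("hardened check accepts it:", hardened_ok)
    print("rows flagged before the attacker logs in:", before)
    print("rows flagged after the login upgraded the hash:", after)
```

Two practitioner points fall out of the replay. First, the audit is only useful before the attacker's first login: the legacy branch rewrites the planted MD5 as a proper salted hash on success, so the indicator disappears and the row then looks like any other account. The database-side equivalent of the audit is `SELECT ID, user_login FROM wp_users WHERE user_pass REGEXP '^[0-9a-f]{32}$';`, and it should be run alongside a diff of user_pass against a known-good backup rather than on its own. Second, the hardened check does not prevent the database write itself; an attacker who can read wp-config.php and reach the database can still insert a fully salted hash, so the fix narrows the attack rather than closing the underlying access problem.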