[wp-trac] [WordPress Trac] #43320: Harden API requests against man-in-the-middle attacks
WordPress Trac
noreply at wordpress.org
Wed Feb 14 16:56:49 UTC 2018
#43320: Harden API requests against man-in-the-middle attacks
-------------------------+-----------------------------
Reporter: iandunn | Owner:
Type: enhancement | Status: new
Priority: low | Milestone: Awaiting Review
Component: Security | Version: 3.7.1
Severity: minor | Keywords:
Focuses: |
-------------------------+-----------------------------
API requests are allowed over standard HTTP if SSL is not correctly
configured on the server. That allows those servers to continue updating,
rather than being stuck on an old (and potentially insecure) version
(r25956).
Right now the downgrade triggers a PHP error, but users/devs will only
know about it if they check the raw log files, since `WP_DEBUG_DISPLAY` is
(hopefully) disabled on production servers. So users in this situation are
mostly unaware of the server configuration errors, and the risks
associated with unauthenticated API requests.
While it's good to avoid trapping them on older versions, there are a few
things that we could consider to mitigate the negative side-effects:
* Prompt the user to confirm they wish to continue making the request,
even though it won't be secure. This would probably need to be paired with
a page on the Codex explaining the problem, and giving them a message they
can copy/paste to send to their hosting provider. Normally we would avoid
burdening the user with technical details like this, but this instance
might be worth an exception, given the security concerns? Maybe instead of
linking to the Codex, we could build a user-friendly debugging/health-
status page in Core?
* Only downgrade to HTTP for essential requests, like Core/plugin/theme
updates. This would shrink the attack surface, but it may still be wide
enough that it's not worth hurting UX. Additionally,
[https://core.trac.wordpress.org/ticket/42004 Events API requests could
indirectly lead to users learning about best practices for picking a
better host].
* Any other ideas?
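As an added illustration of the first idea above (surfacing the downgrade to an administrator instead of leaving it in the error log), here is a small must-use plugin. It is example code written for this discussion, not code from the ticket or from WordPress core. It relies on two real core APIs, the `http_api_debug` action that `WP_Http::request()` fires for every outgoing request and `wp_http_supports( array( 'ssl' ) )`, which core itself uses to decide whether to try HTTPS; every `mitm_notice_*` function, the option name and the host list are hypothetical names chosen for this example.

```php
<?php
/**
 * Plugin Name: Insecure API Downgrade Notice (illustrative mu-plugin)
 *
 * Added example: records when a request to a WordPress.org API host
 * actually goes out over plain HTTP and shows it as an admin notice.
 * All mitm_notice_* names and the option name are hypothetical.
 */

const MITM_NOTICE_OPTION = 'mitm_notice_insecure_api_request'; // hypothetical option name

/**
 * Hosts that should only ever be reached over HTTPS (constructed list for this example).
 */
function mitm_notice_sensitive_hosts() {
	return array( 'api.wordpress.org', 'downloads.wordpress.org' );
}

/**
 * True when $url is a plain-HTTP request to one of the sensitive hosts.
 */
function mitm_notice_is_insecure_api_url( $url ) {
	$parts = wp_parse_url( $url );
	if ( empty( $parts['scheme'] ) || empty( $parts['host'] ) ) {
		return false;
	}
	return 'http' === strtolower( $parts['scheme'] )
		&& in_array( strtolower( $parts['host'] ), mitm_notice_sensitive_hosts(), true );
}

/**
 * Runs on the core 'http_api_debug' action after each request completes.
 * Only the most recent downgrade is kept, so a busy site does not fill the
 * options table; the option is not autoloaded.
 */
function mitm_notice_record_request( $response, $context, $class, $args, $url ) {
	if ( 'response' !== $context || ! mitm_notice_is_insecure_api_url( $url ) ) {
		return;
	}
	update_option(
		MITM_NOTICE_OPTION,
		array(
			'url'         => $url,
			'time'        => time(),
			// Core only retries over HTTP after an HTTPS failure when SSL is
			// supported; if it is not supported, every request is plain HTTP.
			'ssl_capable' => wp_http_supports( array( 'ssl' ) ),
		),
		false
	);
}
add_action( 'http_api_debug', 'mitm_notice_record_request', 10, 5 );

/**
 * Show the recorded downgrade to users who are allowed to update core,
 * with a plain-language reason they can forward to their host.
 */
function mitm_notice_render() {
	if ( ! current_user_can( 'update_core' ) ) {
		return;
	}
	$event = get_option( MITM_NOTICE_OPTION );
	if ( ! $event ) {
		return;
	}
	$reason = $event['ssl_capable']
		? 'HTTPS is available but the secure request failed, so WordPress retried over plain HTTP.'
		: 'This server\'s PHP has no working SSL transport (check the cURL/OpenSSL extensions and the CA bundle).';
	printf(
		'<div class="notice notice-warning"><p><strong>%s</strong> %s %s</p></div>',
		esc_html__( 'An update request to WordPress.org was sent without encryption.' ),
		esc_html( $reason ),
		esc_html( sprintf(
			'Last seen %s UTC for %s. Please ask your hosting provider to enable HTTPS for outgoing PHP requests.',
			gmdate( 'Y-m-d H:i:s', (int) $event['time'] ),
			$event['url']
		) )
	);
}
add_action( 'admin_notices', 'mitm_notice_render' );
```

Dropped into `wp-content/mu-plugins/`, this turns the log-only `trigger_error()` from r25956 into something an administrator sees on the next dashboard load; the `ssl_capable` flag distinguishes "no SSL transport at all" from "HTTPS exists but the connection to WordPress.org failed", which are the two different conversations to have with a host.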
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43320>
WordPress Trac <https://core.trac.wordpress.org/>