[wp-trac] [WordPress Trac] #44230: Export Personal Data Flaw
WordPress Trac
noreply at wordpress.org
Wed Jun 27 13:43:41 UTC 2018
#44230: Export Personal Data Flaw
--------------------------+------------------------------
Reporter: psycleuk | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: major | Resolution:
Keywords: close | Focuses:
--------------------------+------------------------------
Comment (by psycleuk):
I take your point about users that can comment and not have a user
account, so forcing a login step on this action would not be possible.

Just because there is nothing that you can do about it if a user's email
account has been compromised does not mean you can be lax with security
of users' data. The point is the file should not be in the public domain,
which it is, regardless of how hard it is to find.

If adding a login control to access the file is not possible, it should at
least only be accessible through the use of a single-use token. The zip
should not be downloadable directly, as you cannot verify who downloaded
it; you can only assume because the file is obscured that it was the
correct user. I don't see that as a good enough implementation when it
comes to the security of user data. The only way this process could then
be exploited is to have access to the user's email account, which I am
aware is out of your control, but at least WordPress has done everything
within its control to ensure data security.

Also, with relation to
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
that was posted on the 26th June, there is a potential vulnerability where
the index.html could be deleted, leaving the entire
wp-personal-data-exports folder publicly traversable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44230#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
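
The single-use token gate proposed in the comment above, as an added example that is not part of the ticket and not WordPress core code. The class name, the in-memory store and the file name are assumptions; a real handler would keep the records in the database, make the lookup-and-delete atomic, and stream the zip from a location the web server does not serve directly.

```php
<?php
// Added illustration: ExportTokenStore, its in-memory array and the file
// name used below are hypothetical, not WordPress APIs or paths.
final class ExportTokenStore
{
    /** @var array<string, array{file: string, expires: int}> keyed by SHA-256 of the token */
    private array $pending = [];

    // Issue a random token for one export file. Only the token's hash is
    // stored, so a leaked store does not reveal usable download links.
    public function issue(string $file, int $ttl, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->pending[hash('sha256', $token)] = [
            'file'    => $file,
            'expires' => ($now ?? time()) + $ttl,
        ];
        return $token; // this value goes into the emailed link
    }

    // Redeem a token: returns the file to stream, or null when the token is
    // unknown, already used or expired. The record is deleted before the
    // expiry check, so any presented token is consumed exactly once.
    public function redeem(string $token, ?int $now = null): ?string
    {
        $key = hash('sha256', $token);
        if (!isset($this->pending[$key])) {
            return null;
        }
        $record = $this->pending[$key];
        unset($this->pending[$key]);
        if (($now ?? time()) > $record['expires']) {
            return null;
        }
        return $record['file'];
    }
}

$store = new ExportTokenStore();
$token = $store->issue('export-constructed.zip', 3600); // constructed sample name
var_dump($store->redeem($token));               // first redemption
var_dump($store->redeem($token));               // replay of the same token
var_dump($store->redeem(str_repeat('0', 64)));  // token that was never issued
```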