WordPress Exploit Allows Admin Password Reset

WordPress Exploit Allows Admin Password Reset

wordpress-logo-kek-300x302A vulnerability in WordPress 2.8.3 which allows anyone to lock an admin out of his or her account by resetting the password has been reported.

“The bug … is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required.”

The exploit doesn’t enable take-over of the blog but it does allow a prankster to lock an admin out of their blog by resetting the password.

An alert on the Full Disclosure mailing list detailed the vulnerability, and WordPress quickly rolled out version 2.8.4 to address the issue.

via Slashdot

Read next: See what any site looks like in IE6

Corona coverage

Read our daily coverage on how the tech industry is responding to the coronavirus and subscribe to our weekly newsletter Coronavirus in Context.

For tips and tricks on working remotely, check out our Growth Quarters articles here or follow us on Twitter.