WordPress Exploit Allows Admin Password Reset

A vulnerability in WordPress 2.8.3 which allows anyone to lock an admin out of his or her account by resetting the password has been reported.

“The bug … is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required.”

The exploit doesn’t enable take-over of the blog but it does allow a prankster to lock an admin out of their blog by resetting the password.

An alert on the Full Disclosure mailing list detailed the vulnerability, and WordPress quickly rolled out version 2.8.4 to address the issue.

via Slashdot

Story by Zee

Former CEO of The Next Web. A fan of startups, entrepreneurship, getting things done faster, penning the occasional blog post, taking photos (show all) Former CEO of The Next Web. A fan of startups, entrepreneurship, getting things done faster, penning the occasional blog post, taking photos, designing, listening to good music and making lurrrve.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with

WordPress

WordPress Exploit Allows Admin Password Reset

Get the TNW newsletter

Also tagged with

Why developers are so divided over WordPress

Millions of webstores can now accept cryptocurrency through Coinbase

Join TNW All Access

WordPress 5.0 introduces a flexible block-based content editor

Top 5 WordPress predictions for 2018