In a standard situation, for a user to recuperate their password, they will first need to request it via the “Reset password” link. The user will then receive, on the registered email account, a message containing a verification link, which, when clicked, will delete the old password and replace it with a new one. This new password will be sent to the user registered email as well.
By passing an array to the $key value inside the wp-login.php module, the script can be forced to reset the admin password. This hack jumps the email verification step, and so the attack is invisible to the blog's owner. All these actions can be done from a simple browser window.
This vulnerability can be used solely to reset the administrator password and not to remotely break and access the blog platform. It can only be used to lock out administrators from their blog.
The changeset in the development version introduced by WordPress prevents any kind of array to be passed to the $key variable value in wp-login.php
The line
CODE
if ( empty( $key ) )was updated with
CODE
if ( empty( $key ) || is_array( $key ) )For the owners that already have been locked out of their accounts, WordPress has recommended the usage of the “Emergency Password Reset Script.” Administrators using this script need to know their admin account name (if different from standard) and have to upload the script in the same directory as the wp-login.php module. More instructions can be found on the official WordPress “Resetting Your Password” page.
softpedia
Tidak ada komentar:
Posting Komentar