Web application abuses : WordPress wp-login.php Security Bypass Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900913

Categoría: Web application abuses

Título: WordPress wp-login.php Security Bypass Vulnerability

Resumen: WordPress is prone to a Security Bypass vulnerability.

Descripción: Summary:
WordPress is prone to a Security Bypass vulnerability.

Vulnerability Insight:
The flaw is due to an error in the wp-login.php script password reset
mechanism which can be exploited by passing an array variable in a resetpass (aka rp) action.

Vulnerability Impact:
Attackers can exploit this issue to bypass security restrictions and change
the administrative password.

Affected Software/OS:
WordPress version prior to 2.8.4 on all running platform.

Solution:
Update to Version 2.8.4 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2762
BugTraq ID: 36014
http://www.securityfocus.com/bid/36014
http://www.exploit-db.com/exploits/9410
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html
http://core.trac.wordpress.org/changeset/11798
http://www.securitytracker.com/id?1022707
http://secunia.com/advisories/36237
XForce ISS Database: wordpress-wplogin-security-bypass(52382)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52382

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900913
Categoría:	Web application abuses
Título:	WordPress wp-login.php Security Bypass Vulnerability
Resumen:	WordPress is prone to a Security Bypass vulnerability.
Descripción:	Summary: WordPress is prone to a Security Bypass vulnerability. Vulnerability Insight: The flaw is due to an error in the wp-login.php script password reset mechanism which can be exploited by passing an array variable in a resetpass (aka rp) action. Vulnerability Impact: Attackers can exploit this issue to bypass security restrictions and change the administrative password. Affected Software/OS: WordPress version prior to 2.8.4 on all running platform. Solution: Update to Version 2.8.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2762 BugTraq ID: 36014 http://www.securityfocus.com/bid/36014 http://www.exploit-db.com/exploits/9410 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html http://core.trac.wordpress.org/changeset/11798 http://www.securitytracker.com/id?1022707 http://secunia.com/advisories/36237 XForce ISS Database: wordpress-wplogin-security-bypass(52382) https://exchange.xforce.ibmcloud.com/vulnerabilities/52382
Copyright	Copyright (C) 2009 Greenbone AG