Comments on: WordPress Remote Admin Password Reset Vulnerability http://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/ A technology news blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Sun, 12 Feb 2012 04:50:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: rhehttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-1341749 rhe Sat, 21 May 2011 09:11:07 +0000 http://www.ghacks.net/?p=15258#comment-1341749 is there any plugins to avoid this vuln? is there any plugins to avoid this vuln?

]]> By: Fix Wordpress Remote Admin Password Resethttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-936265 Fix Wordpress Remote Admin Password Reset Thu, 10 Dec 2009 10:13:59 +0000 http://www.ghacks.net/?p=15258#comment-936265 [...] : ghacks.net, techyard.net Tags: hack wordpress, reset password admin wordpress, wordpress, wp-login.php, [...] [...] : ghacks.net, techyard.net Tags: hack wordpress, reset password admin wordpress, wordpress, wp-login.php, [...]

]]> By: Tutorial Library Tutlib for You life » Blog Archive » Wordpress 2.8.4 Security Updatehttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-866389 Tutorial Library Tutlib for You life » Blog Archive » Wordpress 2.8.4 Security Update Thu, 13 Aug 2009 04:13:24 +0000 http://www.ghacks.net/?p=15258#comment-866389 [...] noticed a security vulnerability in Wordpress 2.8.3 yesterday (and earlier versions as well) that allowed [...] [...] noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed [...]

]]> By: Happyhttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-866058 Happy Wed, 12 Aug 2009 14:22:04 +0000 http://www.ghacks.net/?p=15258#comment-866058 Just received 3 password changes to my blog this morning. I too thought the same thing, 2.8.4 may have addressed this. Just received 3 password changes to my blog this morning. I too thought the same thing, 2.8.4 may have addressed this.

]]> By: Internet and Technology News » Blog Archive » Wordpress 2.8.4 Security Updatehttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-866056 Internet and Technology News » Blog Archive » Wordpress 2.8.4 Security Update Wed, 12 Aug 2009 14:17:45 +0000 http://www.ghacks.net/?p=15258#comment-866056 [...] noticed a security vulnerability in Wordpress 2.8.3 yesterday (and earlier versions as well) that allowed [...] [...] noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed [...]

]]> By: Wordpress Removes Bugs: Wordpress 2.8.4 Security Update | Blogging Planethttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865997 Wordpress Removes Bugs: Wordpress 2.8.4 Security Update | Blogging Planet Wed, 12 Aug 2009 11:55:04 +0000 http://www.ghacks.net/?p=15258#comment-865997 [...] noticed a security vulnerability in Wordpress 2.8.3 yesterday (and earlier versions as well) that allowed [...] [...] noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed [...]

]]> By: Wordpress 2.8.4 Security Updatehttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865930 Wordpress 2.8.4 Security Update Wed, 12 Aug 2009 09:15:39 +0000 http://www.ghacks.net/?p=15258#comment-865930 [...] noticed a security vulnerability in Wordpress 2.8.3 yesterday (and earlier versions as well) that allowed [...] [...] noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed [...]

]]> By: Martinhttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865890 Martin Wed, 12 Aug 2009 07:54:51 +0000 http://www.ghacks.net/?p=15258#comment-865890 Avinash, the vulnerability does not give the attacker access to the Wordpress blog unless access the email account was hacked as well. Good tip about the Wordpress update, wonder why the blog is not showing that there is a new version available yet. Avinash, the vulnerability does not give the attacker access to the WordPress blog unless access the email account was hacked as well. Good tip about the WordPress update, wonder why the blog is not showing that there is a new version available yet.

]]> By: Wordpress 2.8.4 Security Release : Fixes Remote Password Reset Vulnerability | TECH YARDhttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865874 Wordpress 2.8.4 Security Release : Fixes Remote Password Reset Vulnerability | TECH YARD Wed, 12 Aug 2009 07:14:44 +0000 http://www.ghacks.net/?p=15258#comment-865874 [...] : GHacks & Wordpress Blog. var linkwithin_site_id = 34620; (function () { var elem = [...] [...] : GHacks & WordPress Blog. var linkwithin_site_id = 34620; (function () { var elem = [...]

]]> By: Avinashhttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865869 Avinash Wed, 12 Aug 2009 07:03:09 +0000 http://www.ghacks.net/?p=15258#comment-865869 Martin, What if admin is the only user ?? which many wp users use as default, wouldn't that give a complete access to the person, and there an wordpress update to 2.8.4 that fixes this issues now Martin, What if admin is the only user ?? which many wp users use as default, wouldn’t that give a complete access to the person, and there an wordpress update to 2.8.4 that fixes this issues now

]]> By: Rick Russellhttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865396 Rick Russell Tue, 11 Aug 2009 15:54:59 +0000 http://www.ghacks.net/?p=15258#comment-865396 Joomla! FTW. Joomla! FTW.

]]> By: Martinhttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865380 Martin Tue, 11 Aug 2009 15:19:28 +0000 http://www.ghacks.net/?p=15258#comment-865380 According to this code change post at the wordpress website you only need to apply it to the line between 188 and 192 http://core.trac.wordpress.org/changeset/11798 According to this code change post at the wordpress website you only need to apply it to the line between 188 and 192

http://core.trac.wordpress.org/changeset/11798

]]> By: Gonzaguehttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865365 Gonzague Tue, 11 Aug 2009 14:56:06 +0000 http://www.ghacks.net/?p=15258#comment-865365 thanks for that ! the line has to be replaced twice right? thanks for that !

the line has to be replaced twice right?

]]> By: ghacks Finds Wordpress Vulnerability | The Minority Reporthttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865361 ghacks Finds Wordpress Vulnerability | The Minority Report Tue, 11 Aug 2009 14:49:36 +0000 http://www.ghacks.net/?p=15258#comment-865361 [...] It is advised to apply the temporary fix as soon as possible to Wordpress installations.Wordpress Remote Admin Password Reset Vulnerability [...] [...] It is advised to apply the temporary fix as soon as possible to WordPress installations.Wordpress Remote Admin Password Reset Vulnerability [...]

]]> By: Wordpress Remote Admin Password Reset Vulnerability | Hack In The Boxhttp://www.ghacks.net/2009/08/11/wordpress-remote-admin-password-reset-vulnerability/comment-page-1/#comment-865330 Wordpress Remote Admin Password Reset Vulnerability | Hack In The Box Tue, 11 Aug 2009 13:39:44 +0000 http://www.ghacks.net/?p=15258#comment-865330 [...] the original post: Wordpress Remote Admin Password Reset Vulnerability Share and [...] [...] the original post: WordPress Remote Admin Password Reset Vulnerability Share and [...]

]]>