gHacks Technology News | Latest Tech News, Software And Tutorials » wordpress password http://www.ghacks.net A technology news blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Sat, 11 Feb 2012 21:54:04 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 WordPress 2.8.4 Security Updatehttp://www.ghacks.net/2009/08/12/wordpress-2-8-4-security-update/ http://www.ghacks.net/2009/08/12/wordpress-2-8-4-security-update/#comments Wed, 12 Aug 2009 08:10:57 +0000 Martin Brinkmann http://www.ghacks.net/?p=15268 wordpressWe noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed an attacker to reset passwords of users. While this vulnerability could not be exploited to gain access to the user account (unless access to the email account the password was send to was available as well) it could be used to annoy those users especially when combined with an automated script that would reset the password every seconds or minutes.

A fix was released with the announcement of the vulnerability which consisted of one line of code that had to be edited in the wp-login.php file of the WordPress installation. WordPress installations with the fix are safe from these kinds of attacks.

The WordPress team has nevertheless released WordPress 2.8.4. as a response to the security vulnerability. The new release patches this vulnerability and is a recommended update for every WordPress installation. The WordPress developers are providing additional information about the vulnerability in the announcement post as well.

It was only possible to reset a password of the first user account without a key according to this post which usually is the admin account of the WordPress installation. WordPress is not showing the new version in its interface. This may change in the next hours.

WordPress admins should head over to the WordPress website to download the new version as of now.

]]> http://www.ghacks.net/2009/08/12/wordpress-2-8-4-security-update/feed/ 8