Vulnerability Zero Day on WordPress sites


An attacker may be able to take full control of a website that uses the platform WordPress due to the lack of the cryptographically secure pseudorandom number generator (CSPRNG).Wordpress

CSPRNG is a mechanism that produces random numbers on a computer, which can be applied for cryptographic purposes, such as the production of keys or salts. The numbers are pseudo-random because a really random series can only be produced on a theoretical level.

The WrongPress error was discovered by Scott Arciszewski, a Web developer from Orlando, Florida. He has already advised WorPress technicians about the need to implement a CSPRNG mechanism on the platform in order to eliminate even the slightest chance of anyone predicting the link used to reset the passwords.

Anyone who succeeds will be able to violate all WorrdPress that exist on the web. However, there is currently no available method.

Arciszewski says he has often tried to bring the issue to the attention of WorPress's technicians. 25 2014 for the first time in XNUMX, opening a ticket for the topic on the platform tracker. The next time was during WordCamp in Orlando, a conference that focused on WorPress platform.

A published by the researcher which completely reveals the vulnerability, also has a patch created by itself, which has not yet been integrated into WordPress.

Patch available with unit tests and PHP 5.2 on Windows support at
https://core.trac.wordpress.org/attachment/ticket/28633/28633.3.patch

Remember that WordPress is used by 75 million websites on the internet. Nevertheless, this vulnerability requires a lot of knowledge and skills, which discourages many would-be hackers.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news