Zero-Day Vulnerability in WordPress Sites

An attacker may be able to take complete control of a website that uses the platform, due to the lack of a cryptographically secure pseudorandom number generator (CSPRNG).

A CSPRNG is a mechanism that generates random numbers on a computer that can be used for cryptographic purposes, such as generating keys or salts. The numbers are pseudorandom because a truly random sequence can only be produced at a theoretical level.

The flaw in WordPress was discovered by Arciszewski, a web developer from Orlando, Florida. He has already informed the WordPress technicians of the need for a CSPRNG mechanism in the platform, in order to eliminate even the slightest chance that someone could predict the link used for password reset.

Anyone who succeeds would be able to compromise every WordPress site on the web. However, no method of doing so is currently available.
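An added illustration (Python, not WordPress code and not taken from the researcher's patch) of why the value in such a link should come from a CSPRNG: a seeded general-purpose generator reproduces the same token for the same seed, while the issuing path below draws from the operating system's CSPRNG, stores only a digest, and expires the token. The function names, the in-memory store and the seed values are assumptions made for the example.

```python
import hashlib
import hmac
import random
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits


def weak_token(seed, length=20):
    """Token from a seeded Mersenne Twister: fully determined by the seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def issue_reset_token(store, user, ttl=3600, now=None):
    """Issue a token from the OS CSPRNG; keep only its SHA-256 digest."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 32 random bytes, URL-safe encoding
    store[user] = (hashlib.sha256(token.encode()).hexdigest(), now + ttl)
    return token


def redeem_reset_token(store, user, token, now=None):
    """Accept a token once, before expiry, using a constant-time compare."""
    now = time.time() if now is None else now
    entry = store.get(user)
    if entry is None:
        return False
    digest, expires = entry
    if now > expires:
        del store[user]  # expired tokens are discarded
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    ok = hmac.compare_digest(digest, presented)
    if ok:
        del store[user]  # single use: a redeemed token cannot be replayed
    return ok


if __name__ == "__main__":
    seed = 1234567890  # constructed sample seed, not a value from the page
    print("same seed, same token:", weak_token(seed) == weak_token(seed))
    store = {}  # hypothetical in-memory stand-in for a user table
    token = issue_reset_token(store, "alice")
    print("first redeem:", redeem_reset_token(store, "alice", token))
    print("replay:", redeem_reset_token(store, "alice", token))
```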

Arciszewski says he tried several times to bring the issue to the attention of the WordPress technicians. The first time was on June 25, 2014, when he opened a ticket on the matter for the platform. The next time was during WordCamp in Orlando, a conference focused on the WordPress platform.

The researcher has published a full disclosure of the vulnerability, which also includes a patch he created that has not yet been integrated into WordPress.

Patch available with unit tests and PHP 5.2 on Windows support at
https://core.trac.wordpress.org/attachment/ticket/28633/28633.3.patch

Remember that WordPress is used by 75 million websites. Nevertheless, exploiting this particular vulnerability requires a lot of knowledge and skill, which discourages many would-be hackers.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
