[Bug 533543] New: WordPress vulnerability allows remote admin password reset
http://bugzilla.novell.com/show_bug.cgi?id=533543

Summary: WordPress vulnerability allows remote admin password reset
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Wiki
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: javier@opensuse.org
QAContact: adrian@novell.com
Found By: ---

User-Agent: Mozilla/5.0 (compatible; Konqueror/4.3; Linux) KHTML/4.3.0 (like Gecko) SUSE

Today I have noticed that Lizards has WordPress 2.8.3. There's a known vulnerability in that version.

"A vulnerability in the current 2.8.3 release of the popular WordPress blogging software can be exploited remotely via a web browser to temporarily lock out administrators. The cause of the issue is an error in the web-based password reset function. Normally when a password reset is requested, the user would be sent a link to their registered email address. Once the link is clicked, the old WordPress password is removed and a new one is generated which is again sent by email."

Source: http://www.heise.de/english/newsticker/news/143358

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

-- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
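The reset flow quoted in the report (request a reset, receive a link by email, click it, old password dropped and a new one emailed) only stays safe if the old password is invalidated after the emailed secret has been verified. The model below is an added example, not WordPress code and not part of the bug report; the in-memory user store, the key lifetime and the hash placeholder are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed in-memory user store for this example (assumption, not WordPress data).
USERS = {
    "admin": {"password_hash": "hash-of-old-password", "reset_key": None, "reset_expires": 0.0},
}
RESET_KEY_TTL = 3600  # seconds the emailed key stays valid (assumed value)


def request_reset(user_login):
    """Step 1: mint a secret key and hand it to the mailer.

    The current password is left untouched, so a reset request on its own
    cannot lock the account holder out."""
    user = USERS.get(user_login)
    if user is None:
        return None
    key = secrets.token_urlsafe(20)
    user["reset_key"] = key
    user["reset_expires"] = time.time() + RESET_KEY_TTL
    return key  # in a real site this would only be sent to the registered address


def confirm_reset(user_login, submitted_key):
    """Step 2: replace the password only once the emailed key is presented.

    Returns True when the reset happened, False when the request was rejected
    (no pending reset, missing or non-string key, expired key, mismatched key)."""
    user = USERS.get(user_login)
    if user is None or not user["reset_key"]:
        return False
    if not isinstance(submitted_key, str) or not submitted_key:
        return False
    if time.time() > user["reset_expires"]:
        return False
    # Constant-time comparison of the stored and submitted keys.
    if not hmac.compare_digest(user["reset_key"].encode(), submitted_key.encode()):
        return False
    # Key verified: now, and only now, drop the old password and issue a new one.
    new_password = secrets.token_urlsafe(12)
    user["password_hash"] = "hash-of-" + new_password  # placeholder for a real password hash
    user["reset_key"] = None  # single use
    user["reset_expires"] = 0.0
    return True
```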
User meissner@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=533543#c1
Marcus Meissner
User binner@kde.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=533543#c5
Stephan Binner
User javier@opensuse.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=533543#c6
Javier Llorente
User binner@kde.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=533543#c7
--- Comment #7 from Stephan Binner