Slashdot Mirror

← Back to Stories (view on slashdot.org)

WordPress Exploit Allows Admin Password Reset

Posted by Soulskill on Wednesday August 12, 2009 @03:04AM from the probably-the-first-time-most-have-been-changed dept.

Multiple readers have sent word of a vulnerability in WordPress 2.8.3 which allows anyone to lock an admin out of his or her account by resetting the password. "The bug ... is trivial to exploit remotely using nothing more than a web browser and a specially manipulated link. Typically, requests to reset a password are handled using a registered email address. Using the special URL, the old password is removed and a new one generated in its place with no confirmation required." An alert on the Full Disclosure mailing list detailed the vulnerability, and WordPress quickly rolled out version 2.8.4 to address the issue.

3 of 100 comments (clear)

Min score:

Reason:

Sort:

Rob Malda has a baby penis by Anonymous Coward · 2009-08-12 03:07 · Score: -1, Troll

I'm wanking off CmdrTaco right now and his cock is only 2 inches long!
ladies, get your pussies ready! by Anonymous Coward · 2009-08-12 03:13 · Score: -1, Troll

I watched tucker max's "revolutionary" movie last night... to quote the critic, "it stinks". It's the Battlefield Earth of comedies, but without John Travolta. It's not theatre material. It's not even straight to DVD material. It's more like a case study in how not to make a movie.
Call me a hater, but I wouldn't care if it hadn't been hyped. "Anything the hangover can do, we can beat?" Funnier than any joke in the movie, that's for damn sure.
Nigger Code by Anonymous Coward · 2009-08-12 03:15 · Score: -1, Troll

Sounds like some type of nigger (sand nigger, curry nigger, rice nigger, black nigger etc..) wrote this code.