Hackers Threatening WordPress Passwords

How Hackers Gain Access to WordPress Sites

WordPress contains a logic flaw that, under certain circumstances, lets a remote, unauthenticated attacker obtain the password-reset link for a targeted user and reset that user's password.

The flaw (CVE-2017-8295) is more dangerous than it looks because it affects all versions of WordPress, including the latest release, 4.7.4.

It was discovered by Polish security researcher Dawid Golunski of Legal Hackers in July last year and reported to the WordPress security team, who had still not fixed it when he published his advisory, leaving millions of websites exposed.

Golunski also discovered a critical vulnerability in the popular open-source PHPMailer library that allowed attackers to remotely execute arbitrary code in the context of the web server and compromise the target web application.

HOW IT OCCURS

WordPress lets a user who has forgotten their password request a new one by clicking the "Forgot Password" link on the login page (wp-login.php?action=lostpassword). WordPress then emails a one-time reset link to the address registered for that account.

When building this email, wp_mail() takes the server's hostname from the SERVER_NAME variable ($_SERVER['SERVER_NAME']) and uses it to form the sender address, wordpress@<hostname>, which ends up in the From and Return-Path headers.

On common configurations, for example Apache with UseCanonicalName Off (the default), SERVER_NAME is populated from the Host header of the incoming request rather than from a fixed server setting. According to Golunski, an attacker can therefore start the password-reset process for a targeted admin user with an HTTP request that carries an attacker-chosen Host header (for example attacker-mxserver.com).

The From and Return-Path fields of the resulting password-reset email are then set to an address on the attacker's domain, wordpress@attacker-mxserver.com, instead of wordpress@victim-domain.com. The reset link itself is still delivered to the victim's mailbox, so the attacker needs the message to come back to the Return-Path address: if the victim's mailbox rejects the message (full, disabled, or deliberately flooded) and the mail server bounces it, or if the victim replies to the email, the reset link lands on the attacker's mail server. Pinning the hostname takes that control away: set ServerName together with UseCanonicalName On in the web server, or fix the sender address in WordPress through the wp_mail_from filter.
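The chain described above, modelled in Python as an added example (this is not code from the original post, from WordPress or from Apache): an attacker-supplied Host header becomes SERVER_NAME when the web server does not pin its own name, wp_mail() turns SERVER_NAME into the sender address, and that sender is written into From and Return-Path. It also shows the two places the chain can be pinned, at the web server (UseCanonicalName On) and in WordPress (a fixed wp_mail_from value). The host names victim-domain.com and attacker-mxserver.com, the request and the reset link are constructed for the example; wp_mail_sender() mirrors the sender derivation in WordPress 4.7's pluggable.php, while the other helpers are simplified models and not real WordPress or Apache code.

```python
from email.message import EmailMessage
from urllib.parse import urlparse

# Hypothetical victim site and attacker mail host, constructed for this example.
CONFIGURED_SERVER_NAME = "www.victim-domain.com"   # Apache ServerName of the vhost
SITEURL = "https://www.victim-domain.com"          # WordPress 'siteurl' option
RESET_LINK = ("https://www.victim-domain.com/wp-login.php"
              "?action=rp&key=EXAMPLEKEY&login=admin")

# Constructed attacker request: an ordinary lost-password POST for 'admin',
# except that the Host header names a mail server the attacker controls.
ATTACKER_REQUEST = {
    "method": "POST",
    "path": "/wp-login.php?action=lostpassword",
    "headers": {"Host": "attacker-mxserver.com"},
    "body": "user_login=admin",
}


def server_name(headers, use_canonical_name=False):
    """Simplified model of how Apache fills SERVER_NAME for a request.

    With UseCanonicalName Off (the default) SERVER_NAME is taken from the
    client's Host header; with UseCanonicalName On it is the configured
    ServerName, whatever the client sent.
    """
    if use_canonical_name:
        return CONFIGURED_SERVER_NAME
    host = headers.get("Host", CONFIGURED_SERVER_NAME)
    return host.split(":")[0]  # drop an explicit :port


def wp_mail_sender(server_name_value):
    """Sender address the way wp_mail() built it in pluggable.php (WordPress
    4.7.x): lower-case SERVER_NAME, strip a leading 'www.', prefix 'wordpress@'."""
    sitename = server_name_value.lower()
    if sitename.startswith("www."):
        sitename = sitename[4:]
    return "wordpress@" + sitename


def pinned_sender(siteurl):
    """Hardened alternative: derive the sender from the stored site URL (what a
    wp_mail_from filter would return), so the request cannot influence it."""
    return "wordpress@" + urlparse(siteurl).hostname


def build_reset_mail(recipient, sender, reset_link):
    """Password-reset message with From and Return-Path taken from `sender`.
    Return-Path is where bounces go, which is exactly what the attacker wants."""
    msg = EmailMessage()
    msg["From"] = f"WordPress <{sender}>"
    msg["Return-Path"] = f"<{sender}>"
    msg["To"] = recipient
    msg["Subject"] = "[victim-domain.com] Password Reset"
    msg.set_content(
        "Someone has requested a password reset for the following account:\n"
        "Username: admin\n"
        "To reset your password, visit the following address:\n"
        f"<{reset_link}>\n"
    )
    return msg


def reset_mail_sender(request, use_canonical_name):
    """Sender WordPress would use for the reset mail triggered by `request`."""
    return wp_mail_sender(server_name(request["headers"], use_canonical_name))


if __name__ == "__main__":
    poisoned = reset_mail_sender(ATTACKER_REQUEST, use_canonical_name=False)
    pinned_httpd = reset_mail_sender(ATTACKER_REQUEST, use_canonical_name=True)
    pinned_wp = pinned_sender(SITEURL)
    print("UseCanonicalName Off  ->", poisoned)      # wordpress@attacker-mxserver.com
    print("UseCanonicalName On   ->", pinned_httpd)  # wordpress@victim-domain.com
    print("wp_mail_from pinned   ->", pinned_wp)     # wordpress@www.victim-domain.com
    print(build_reset_mail("admin@victim-domain.com", poisoned, RESET_LINK))
```

Compare the three sender lines: only the first follows the attacker's Host header. Checking a live site is the same idea in reverse: if a request carrying a bogus Host header is still answered by the WordPress virtual host, SERVER_NAME is attacker-controlled there and the reset mail's Return-Path will follow it.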

Follow: @techie_geeks
