Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <52B7CE84.1000809@redhat.com>
Date: Mon, 23 Dec 2013 11:17:48 +0530
From: Ratul Gupta <ratulg@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: wordpress: information leakage and backdoor vulnerabilities
 in writing settings

Hello,

https://bugzilla.redhat.com/show_bug.cgi?id=1045416

It was found that the login and password from e-mail are saved in DB in 
plain text (unencrypted) in Writing Settings 
(http://site/wp-admin/options-writing.php), if this functionality is 
used. So by receiving data from DB via SQL Injection or Information 
Leakage vulnerability, or by receiving content of this page via XSS, or 
by accessing admin panel via any vulnerability, it's possible to get 
login and password from e-mail account.

Also, this functionality can be used as backdoor. When attacker's e-mail 
is set in options Writing Settings, from which the posts will be 
published at web site. With XSS code, with black SEO links, with malware 
code, etc.

Can a CVE please be assigned to this?

-- 
Regards,

Ratul Gupta / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.