Message-ID: <546A9155.7090507@internot.info>
Date: Tue, 18 Nov 2014 11:22:45 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database
 Backup Download Vulnerability

On 18/11/14 10:30, Larry W. Cashdollar wrote:
> Turns out Matthew Bryant had already covered everything I had but a few months ago here:
>
> http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
On that blog..
> So we have to bruteforce these five hexadecimal digits – what’s the
> math on that? Since our keyspace is any hex character and we have a
> total of five digits we have 16^5 possibilities or 1,048,576
> permutations. 
Using birthday problem maths..
1048576! / ((1048576-1205)! * 1048576^1205) =
0.500538915

1-0.500538915=
.499461085

aka. after 1,205 attempts, you'd have a 50% chance of hitting the
correct location..

Just something to consider.

-- 
-- Joshua Rogers <https://internot.info/>
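
The arithmetic in the message above, reproduced as an added example (this is editor-supplied code, not part of the original post or of the WP-DB-Backup plugin). `birthday_no_collision` evaluates the same expression as the message, n!/((n-k)! n^k) over a 16^5 keyspace, as a running product so no large factorials are needed. For comparison it also includes `fixed_target_hit`, the probability that k distinct guesses contain one specific 5-hex-digit value, which is the quantity that matters when the attacker is after a single backup filename rather than looking for any two guesses that coincide; the function names and the 50% threshold helper are this example's own.

```python
import math

# Five hexadecimal digits, as stated in the quoted blog post: 16^5 = 1,048,576.
KEYSPACE = 16 ** 5


def birthday_no_collision(k, n=KEYSPACE):
    """Probability that k values drawn uniformly (with replacement) from a
    space of size n are all distinct: n! / ((n-k)! * n^k).

    Computed as prod_{i=0}^{k-1} (1 - i/n) to stay in floating point
    instead of evaluating factorials of ~10^6.
    """
    if k > n:
        return 0.0
    p = 1.0
    for i in range(k):
        p *= 1.0 - i / n
    return p


def birthday_collision(k, n=KEYSPACE):
    """Probability that at least two of k uniform draws coincide."""
    return 1.0 - birthday_no_collision(k, n)


def fixed_target_hit(k, n=KEYSPACE):
    """Probability that k distinct guesses include one specific target value
    (e.g. the one real backup filename suffix): k/n for k <= n."""
    return min(k, n) / n


def fixed_target_guesses_for(p, n=KEYSPACE):
    """Smallest number of distinct guesses giving probability >= p of hitting
    a single fixed target (hypothetical helper for the comparison)."""
    return math.ceil(p * n)


if __name__ == "__main__":
    k = 1205  # the number of attempts used in the message
    print(f"no-collision probability after {k} draws: {birthday_no_collision(k):.9f}")
    print(f"collision probability after {k} draws:    {birthday_collision(k):.9f}")
    print(f"chance {k} distinct guesses hit one fixed value: {fixed_target_hit(k):.6f}")
    print(f"guesses for a 50% chance at one fixed value: {fixed_target_guesses_for(0.5)}")
```

Running it reproduces the 0.500538915 / 0.499461085 pair from the message for k = 1205; the fixed-target figures show that the same 1,205 guesses cover only about 0.11% of the keyspace, and that 524,288 guesses (half of 16^5) are needed for a 50% chance of hitting one specific value.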
