» MPF: Hax0red

Continuing the shitshow, WordPress 2.8.3 had a vulnerability that allowed attackers to reset users’ passwords. From some random site:

We noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed an attacker to reset passwords of users. While this vulnerability could not be exploited to gain access to the user account (unless access to the email account the password was send [sic] to was available as well) it could be used to annoy those users especially when combined with an automated script that would reset the password every seconds or minutes.

It turns out that we were a subject of just such an attack sometime in the last few hours. If you can’t get in, let me know.

We’ve updated to 2.8.4. This is another tick in the “Drupal” column I keep in my head.

Leave a reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>