Posts Tagged ‘New Release’
WordPress 2.6.2 Released
Written by Jai on September 9, 2008 – 5:45 am
If you allow open registration for your blog readers, consider upgrading to the latest version of WordPress, 2.6.2. This release fixes some vulnerabilities that attackers could exploit.
Here is what the WordPress blog says about this exploit:
With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.