Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 281219

Summary: <www-apps/wordpress-2.8.4: Password reset key check bypass (CVE-2009-2762)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://wordpress.org/development/2009/08/2-8-4-security-release/
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-12 15:18:37 UTC 
From $URL:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
Comment 1 Tobias Scherbaum (RETIRED) gentoo-dev 2009-08-12 17:15:50 UTC 
2.8.4 in CVS.
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-14 22:20:10 UTC 
CVE-2009-2762 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2762):
  wp-login.php in WordPress 2.8.3 and earlier allows remote attackers
  to force a password reset for the first user in the database,
  possibly the administrator, via a key[] array variable in a resetpass
  (aka rp) action, which bypasses a check that assumes that $key is not
  an array.