Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4, which fixes all known problems, is now available for download and is highly recommended for all users of WordPress.
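A simplified model of the failure described above, added here as an illustration and not WordPress's own code: a reset-key lookup that can end up matching the first account whose stored key is empty, next to a hardened lookup. The table layout, function names, the normalization step, the minimum key length and the sample rows are all assumptions constructed for this example.

```python
import hmac
import sqlite3

MIN_KEY_LEN = 16  # assumed minimum length of an issued reset key

def make_db():
    """Constructed sample data: admin and bob have no pending reset (empty key)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE, "
               "reset_key TEXT NOT NULL DEFAULT '')")
    db.executemany("INSERT INTO users (login, reset_key) VALUES (?, ?)",
                   [("admin", ""), ("alice", "k9Qx2LmT7vRb4Zs1"), ("bob", "")])
    return db

def normalize(raw):
    """Hypothetical request-layer cleanup: keep letters and digits only."""
    return "".join(ch for ch in str(raw) if ch.isalnum())

def lookup_weak(db, raw_key):
    """Flawed: emptiness is tested on the raw value, the query uses the cleaned one."""
    if not raw_key:
        return None
    key = normalize(raw_key)  # a value with no letters or digits becomes ""
    row = db.execute("SELECT login FROM users WHERE reset_key = ? "
                     "ORDER BY id LIMIT 1", (key,)).fetchone()
    return row[0] if row else None  # "" matches the first account without a key

def lookup_hardened(db, login, raw_key):
    """Validate the value actually compared, scope the lookup to one account,
    and never treat an empty stored key as a pending reset."""
    if not isinstance(login, str) or not isinstance(raw_key, str):
        return None
    if len(raw_key) < MIN_KEY_LEN or not raw_key.isalnum():
        return None
    row = db.execute("SELECT login, reset_key FROM users WHERE login = ?",
                     (login,)).fetchone()
    if row is None or not row[1]:
        return None  # unknown account, or no reset was requested for it
    same = hmac.compare_digest(row[1].encode(), raw_key.encode())
    return row[0] if same else None

if __name__ == "__main__":
    db = make_db()
    print("weak, punctuation-only key:", lookup_weak(db, "!!!"))
    print("hardened, same key:", lookup_hardened(db, "admin", "!!!"))
    print("hardened, valid key:", lookup_hardened(db, "alice", "k9Qx2LmT7vRb4Zs1"))
```
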