A-A+

因安全漏洞WordPress再次升级到 2.8.4

2009年08月12日 WordPress 暂无评论 阅读 1 次

WordPress的2.8.4 :安全发布
由Matt发布于2009年8月12日。
昨天报告发现一个紧急漏洞:一个经过特别制作请求的网址可以允许攻击者绕过安全检查,以验证用户并要求密码重设。其结果是,数据库中第一个帐户中没有一个KEY关键词(通常是管理员帐户)将其密码重置并把一个新的密码将通过电子邮件发送给该帐户的拥有者。这尽管不会直接允许远程访问,但它是非常恼人的。

我们昨晚解决了这个问题,接着一直在测试的修复和寻找其他问题。版本2.8.4的修复所有已知的问题,现在已经可以下载,并强烈建议所有WordPress用户尽快更新

WordPress 2.8.4: Security Release

Posted August 12, 2009 by Matt. Filed under Releases, Security.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

给我留言

Copyright © 浩然东方 保留所有权利.   Theme  Ality 07032740

用户登录