Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29528
HistoryJul 08, 2013 - 12:00 a.m.

WordPress 3.5.1, Denial of Service

2013-07-0800:00:00
vulners.com
12
JSON

Version 3.5.1 (latest) of popular blogging engine WordPress suffers from remote denial of service vulnerability. The bug exists in encryption module (class-phpass.php). The exploitation of this vulnerability is possible only when at least one post is protected by a password.

Time frames:
31.05.2013 WordPress security team has been informed about the vulnerability (no response).
07.06.2013 The vulnerability has been released to the public.

More information (including proof of concept):
https://vndh.net/note:wordpress-351-denial-service

A way out (before official WordPress update) to secure existing installations is to apply the following patch:

— wp-includes/class-phpass.php
+++ wp-includes/class-phpass.php
@@ -120,7 +120,7 @@
return $output;

	$count_log2 = strpos($this->itoa64, $setting[3]);

  •   if ($count_log2 < 7 || $count_log2 > 30)

  •   if ($count_log2 < 7 || $count_log2 > 13)
  	return $output;

  $count = 1 << $count_log2;
JSON