WordPress updated to 2.8.4

This update from WordPress is very quick, but a very important one. Only last week I installed the new WordPress 2.8.3 update. This morning I was shocked to see the new update from WordPress. But this update is very reasonable: WordPress discovered a new bug in the previous update.

This bug allows an attacker to bypass the security check that verifies a user actually requested a password reset, so the admin account (the first account without a reset key in the database) would have its password reset directly. The new password would be emailed to the account owner's email address.

Sample:
Attackers use a URL of the following form to trigger the bug:

http://www.yourwebsite.com/wp-login.php?action=rp&key[]=

The password is then reset and sent to the account owner's email address.

WordPress says,

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
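The following is an added illustration, not WordPress's own code, of why a scalar-only check on the reset key is bypassed by a query string of the form key[]= and what a type check that closes the hole looks like. The user table, the function names and the simplified matching logic are constructed for this example; the is_array/is_string guard is the shape of fix assumed here.

```php
<?php
// Constructed sample of a users table (not a real database): the first row has
// no reset key set, which is the situation the advisory describes for admin.
$users = [
    ['login' => 'admin',  'user_activation_key' => ''],
    ['login' => 'editor', 'user_activation_key' => 'a1b2c3d4'],
];

// Vulnerable shape: only rejects an "empty" key. PHP turns ?key[]= into
// array(''), which is not empty, and preg_replace works element-wise on arrays,
// so the check passes and the lone '' element is what the lookup compares.
function find_user_vulnerable(array $users, $key) {
    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    if (empty($key)) {
        return null; // "Invalid key"
    }
    $needle = is_array($key) ? reset($key) : $key; // models the interpolated value
    foreach ($users as $u) {
        if ($u['user_activation_key'] === $needle) {
            return $u['login']; // an account with no key stored matches ''
        }
    }
    return null;
}

// Hardened shape: require a non-empty string and never match an empty stored key.
function find_user_hardened(array $users, $key) {
    if (!is_string($key)) {
        return null; // arrays and other non-scalars are rejected outright
    }
    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    if ($key === '') {
        return null;
    }
    foreach ($users as $u) {
        if ($u['user_activation_key'] !== '' && $u['user_activation_key'] === $key) {
            return $u['login'];
        }
    }
    return null;
}

// What PHP builds from "?action=rp&key[]=" (constructed here, not read from $_GET).
$arrayKey = [''];
echo 'vulnerable, array key : ', var_export(find_user_vulnerable($users, $arrayKey), true), PHP_EOL;
echo 'hardened,   array key : ', var_export(find_user_hardened($users, $arrayKey), true), PHP_EOL;
echo 'hardened,   real key  : ', var_export(find_user_hardened($users, 'a1b2c3d4'), true), PHP_EOL;
```

Run it with the PHP CLI; the vulnerable lookup resolves the array key to the account with no stored key, while the hardened lookup rejects it and still accepts a genuine key.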

For more: visit the WordPress blog.
