Tag: security

#32c3 presentations to watch (note to self)

Overview of recorded presentations:

https://media.ccc.de/b/congress/2015

My list of particularly interesting presentations (mostly for myself – disclaimer: I haven’t watched all of these presentations yet as I didn’t make it to Hamburg this year):

WordPress 2.8.3: Quick-fix for admin lock-out security problem

Problem description (In WP 2.8.3 and earlier, the admin password can be reset remotely without WordPress generating a new one, locking-out the admin):

[Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

For a quick-fix, see:

http://core.trac.wordpress.org/changeset/11798

i.e., in wp-login.php, replace the line

if ( empty( $key ) )

with

 if ( empty( $key ) || is_array( $key ) )


If your WordPress installation has been hacked already, here’s an emergency password reset script you can use to reset and regenerate your admin password.

A German explanation of the security bug and how to fix it can be found on heise online:

Lücke in WordPress ermöglicht Aussperren des Admins

[Update 20090812: Now that a security update is available, users are advised to update to WordPress 2.8.4]