[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
- To: Maksymilian <max@xxxxxxx>
- Subject: Re: [Full-disclosure] WordPress User Account Information Leak / Secunia Advisory SA23621
- From: Dan Ballance <tzewang.dorje@xxxxxxxxx>
- Date: Fri, 5 Jul 2013 13:02:44 +0100
It seems crazy to me that WordPress is sensible enough to allow you to
change the default admin username to something other than "admin" - but
then so simply exposes that information to anyone that fancies scanning. I
ran wpscan last night across a couple of my installs and sure enough - my
renamed admin accounts show straight up. What a waste of time! :-/
On 5 July 2013 10:16, Maksymilian <max@xxxxxxx> wrote:
>
>> The corresponding trac entry for wordpress is closed as
>> "wontfix":
>> https://core.trac.wordpress.org/ticket/1129
>>
>> Why?
>>
>>
> some people consider this as a security vulnerability but not everybody.
> eg drupal
>
> https://drupal.org/node/1004778
>
> In Drupal, is the same problem. Using ctools, you can get username finding
>
> (by [Username])
>
> https://drupal.org/?q=ctools/autocomplete/node/1
>
> (by Amazon)
>
> PoC:
> ?q=ctools/autocomplete/node/[ID]
>
> In my opinion, this should be fixed. This idea, may be very helpful to
> create botnet based on brutal force CMS.
>
>
> Maksymilian Arciemowicz
> http://cxsecurity.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/