[wp-forums] Exploit report

Peter Westwood peter.westwood at ftwr.co.uk
Fri May 26 22:00:24 GMT 2006


Hi Guys,

In terms of the exploit AFAIK it only works if all the following are
satisfied:

1. You have enabled the caching of db info to disk which is disabled by
default in 2.0.2

2. You have a simple/null database password - need to make the filename
of the cache file guessable

3. You have user registration enabled.

Ryan has committed a fix to trunk and the 2.0 branch which we hacked up
earlier.

westi
-- 
Peter Westwood
http://blog.ftwr.co.uk


