[wp-forums] tommix b-flagged
Mark E
mark at edwards.org
Mon May 7 04:10:11 UTC 2012
Actually, after reading both reports, they are indeed vulnerabilities. In
the first one, a person might think "well if you can sniff a nonce value
you can sniff a username and password and simply log in" - but nonces
travel a network far more often than login credentials, so the risk is
more prevalent. Not incredibly dangerous, but definitely an issue as
best I can tell.

In the second one, it's also a vulnerability. Not incredibly
problematic, probably no more problematic than having a known login
screen at wp-login.php that can be brute-force attacked.

Mark

On 05/06/2012 08:59 PM, Mika A Epstein wrote:
> The ultimate joke's on him. Neither of 'em are vulnerabilities.
>
> In case you wondered:
>
>> http://www.exploit-db.com/exploits/18791/
>> http://www.exploit-db.com/exploits/18417/