[wp-forums] Exploit report

Handy handy.solo at gmail.com
Sat May 27 05:43:33 GMT 2006


http://wordpress.org/support/topic/73908?replies=1

Time for a calming announcement?

Peter's message here is interesting, but what does it mean for current
users of 2.0.2?  How do we/they address this issue as normal and
simple users?

On 5/26/06, Peter Westwood <peter.westwood at ftwr.co.uk> wrote:
> Hi Guys,
>
> In terms of the exploit AFAIK it only works if all the following are
> satisfied:
>
> 1. You have enabled the caching of db info to disk which is disabled by
> default in 2.0.2
>
> 2. You have a simple/null database password - need to make the filename
> of the cache file guessable
>
> 3. You have user registration enabled.
>
> Ryan has committed a fix to trunk and the 2.0 branch which we hacked up
> earlier.
>
> westi
> --
> Peter Westwood
> http://blog.ftwr.co.uk

