Secunia Security Advisory - MustLive has discovered a weakness in WordPress, which can lead to exposure of potentially sensitive information.
8317b9ee7962f285f633189b5b5688b6fe41d3225b66642e462ce99fddc3bb9d
----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
WordPress Password Protection Weakness
SECUNIA ADVISORY ID:
SA39040
VERIFY ADVISORY:
http://secunia.com/advisories/39040/
DESCRIPTION:
MustLive has discovered a weakness in WordPress, which can lead to
exposure of potentially sensitive information.
The weakness is caused due to the application granting access to
password protected pages or posts based on a cookie with a fixed name
(web site-specific). This can lead to the unintended disclosure of
content in password protected posts or pages where the same password
has been set.
The weakness is confirmed in version 2.9.2. Other versions may also
be affected.
SOLUTION:
Do not rely on the password protection or ensure that different
passwords are set for all posts and pages.
PROVIDED AND/OR DISCOVERED BY:
MustLive
ORIGINAL ADVISORY:
http://websecurity.com.ua/4016/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------