Comments on: WordPress <= 2.8.3 Remote admin reset password http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html Protect Your Interwebs Tue, 07 Feb 2012 14:40:59 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: My final Wordpress security solution http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-2976 My final Wordpress security solution Tue, 06 Dec 2011 10:35:34 +0000 http://blog.sucuri.net/?p=85#comment-2976 [...] Here's more instruction on how hackers might be working: http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html [...] [...] Here's more instruction on how hackers might be working: http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html [...]

]]> By: SEO Tips http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-835 SEO Tips Wed, 16 Sep 2009 23:38:15 +0000 http://blog.sucuri.net/?p=85#comment-835 It's helpful. Thanks for great tips It's helpful. Thanks for great tips

]]> By: Lane http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-836 Lane Tue, 11 Aug 2009 20:20:32 +0000 http://blog.sucuri.net/?p=85#comment-836 OK, I think I see how it works now. I have a blog running 2.8.3. At login, I click "Lost your password?" and am presented with a page where I can enter either a username or an email. So entering "admin" would reset the password without further action? Weird!<br /><br />I've made the Line 190 edit and will start copying it to my blogs. Thanks, Securi, for this post. OK, I think I see how it works now. I have a blog running 2.8.3. At login, I click "Lost your password?" and am presented with a page where I can enter either a username or an email. So entering "admin" would reset the password without further action? Weird!

I've made the Line 190 edit and will start copying it to my blogs. Thanks, Securi, for this post.

]]> By: Anonymous http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-837 Anonymous Tue, 11 Aug 2009 19:34:51 +0000 http://blog.sucuri.net/?p=85#comment-837 It's telling the amount of kiddies trying this and failing. I can attest that it works, as I had my own blog's admin pass changed through an anon proxy, so it seems there are people actively exploiting this. I just fixed mine through the line 190 edit - thanks! It's telling the amount of kiddies trying this and failing. I can attest that it works, as I had my own blog's admin pass changed through an anon proxy, so it seems there are people actively exploiting this. I just fixed mine through the line 190 edit – thanks!

]]> By: http://sucuri.net http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-838 http://sucuri.net Tue, 11 Aug 2009 17:27:03 +0000 http://blog.sucuri.net/?p=85#comment-838 Lane:<br /><br />It only works on 2.8.x versions. It gives you the option to reset using the user name (admin only) or the email... Lane:

It only works on 2.8.x versions. It gives you the option to reset using the user name (admin only) or the email…

]]> By: Lane http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-839 Lane Tue, 11 Aug 2009 17:10:55 +0000 http://blog.sucuri.net/?p=85#comment-839 I tried the function, and it sends an email to the registered user. Unless the registered user chooses to change the password it remains the same. I tried the function, and it sends an email to the registered user. Unless the registered user chooses to change the password it remains the same.

]]> By: BlackTigerX http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-840 BlackTigerX Tue, 11 Aug 2009 17:05:24 +0000 http://blog.sucuri.net/?p=85#comment-840 the hack is not about getting access or getting the passwod at all, just changing it the hack is not about getting access or getting the passwod at all, just changing it

]]> By: Lane http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-841 Lane Tue, 11 Aug 2009 12:59:50 +0000 http://blog.sucuri.net/?p=85#comment-841 I don't get it. You have to supply the email address that belongs to a registered user. Where it the hacker going to get that? I don't get it. You have to supply the email address that belongs to a registered user. Where it the hacker going to get that?

]]> By: Anonymous http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-842 Anonymous Tue, 11 Aug 2009 12:56:34 +0000 http://blog.sucuri.net/?p=85#comment-842 Only works on 2.8.x versions. Only works on 2.8.x versions.

]]> By: http://sucuri.net http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html/comment-page-1#comment-843 http://sucuri.net Tue, 11 Aug 2009 12:53:28 +0000 http://blog.sucuri.net/?p=85#comment-843 I was testing it over here and noticed that only works on Wordpress 2.8.0, 2.8.1, 2.8.2 and 2.8.3...<br /><br />I guess they didn't test on <= 2.7 versions. I was testing it over here and noticed that only works on WordPress 2.8.0, 2.8.1, 2.8.2 and 2.8.3…

I guess they didn't test on <= 2.7 versions.

]]>