SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   WordPress
Vendors:   wordpress.org
WordPress Password Reset Server Name Validation Flaw Lets Remote Users Obtain Password Reset Information for the Target User in Certain Cases
SecurityTracker Alert ID:  1038403
SecurityTracker URL:  http://securitytracker.com/id/1038403
CVE Reference:   CVE-2017-8295
Date:  May 4 2017
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): 4.7.4 and prior
Description:   A vulnerability was reported in WordPress. A remote user can obtain a password reset code for the target user in certain cases.

The password reset function uses the PHP '$_SERVER['SERVER_NAME']' variable and does not properly validate the site domain name.

A remote user can supply a specially crafted HTTP_HOST header value to the password reset page. On some web server configurations, this modifies the SMTP 'From' or 'Return-Path' email header values used for sending the password reset email. If the target user's email server is not able to deliver SMTP messages to the target user, the password reset email may be returned to the remote user's email address.

As a result, a remote user may be able to obtain the password reset code. The specific impact depends on the type of web server, the web server configuration, and scenario-dependent conditions (e.g., target user mail server status).

The vendor was notified in July 2016.

Dawid Golunski (@dawid_golunski) reported this vulnerability.

Impact:   A remote user may be able to obtain a password reset code for a target user's account in certain situations.
Solution:   No solution was available at the time of this entry.
Vendor URL:  exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.
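
The Description above traces the flaw to the sender address following an unvalidated server name. The following must-use plugin is an added example, not code from WordPress or from the reporter. It rejects reset requests that arrive under an unexpected host and pins the 'From' and envelope sender to a fixed address. The `st_` function names, EXPECTED_HOST and SITE_MAIL_FROM are assumptions to replace with the site's own values.

```php
<?php
// Added example, not WordPress core code. EXPECTED_HOST and SITE_MAIL_FROM
// are placeholder values (assumptions); set them to your site's own.
const EXPECTED_HOST  = 'blog.example.com';
const SITE_MAIL_FROM = 'wordpress@blog.example.com';

// Lower-case a host value and drop any trailing ":port".
function st_normalise_host(string $host): string
{
    return preg_replace('/:\d+$/', '', strtolower(trim($host)));
}

// True only when the value names the one host this site is served under.
function st_host_is_expected(string $host): bool
{
    return st_normalise_host($host) === EXPECTED_HOST;
}

// 1. Refuse lost-password requests whose Host header or server name is not
//    the configured one, before any reset mail is built.
function st_reject_unexpected_host(): void
{
    $host = $_SERVER['HTTP_HOST'] ?? '';
    $name = $_SERVER['SERVER_NAME'] ?? '';
    if (!st_host_is_expected($host) || !st_host_is_expected($name)) {
        wp_die('Unexpected host name.', 'Bad Request', ['response' => 400]);
    }
}
// wp-login.php handles both action names with the same reset code path.
foreach (['lostpassword', 'retrievepassword'] as $action) {
    add_action("login_form_{$action}", 'st_reject_unexpected_host');
}

// 2. Fix the 'From' address so it no longer follows SERVER_NAME.
add_filter('wp_mail_from', function ($from) {
    return SITE_MAIL_FROM;
});

// 3. Fix the envelope sender, which becomes 'Return-Path' on delivery.
add_action('phpmailer_init', function ($phpmailer) {
    $phpmailer->Sender = SITE_MAIL_FROM;
});
```

Saved as a file under wp-content/mu-plugins/, the filters apply to all mail sent through wp_mail(), not only password reset messages.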


 Source Message Contents

Subject:  https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html


 
 



Copyright 2019, SecurityGlobal.net LLC