Security Hole for unconfigured WordPress 2.8
-
Heads Up !
Public Windows XP users can remotely configure an unconfigured WordPress website without authentication. Any networked Windows XP/Vista client sees a startup configuration page and seems to have access defining key parameters of the website. This configuration page times out to a standard DNS Error page – the user can go back to the configuration page and change parameters on the unconfigured website.
Although this is a transitional situation, it appears to be a serious security issue.
Cheers … Tim MacKenzie
- The topic ‘Security Hole for unconfigured WordPress 2.8’ is closed to new replies.