CVE-2008-4106

WordPress Core < 2.6.2 - Arbitrary User Password Reset

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

WordPress anterior a v2.6.2 no maneja adecuadamente las advertencias MySQL relacionadas con la inserción de nombres de usuarios con un tamaño superior al ancho de la columna del user_login, y no maneja correctamente los espacios a la hora de comparar nombres de usuario, lo que permite a atacantes remotos modificar las contraseñas de usuarios de su elección a un valor aleatorio registrando un nombre de usuario similar y posteriormente realizando un reinicio de contraseña, relacionado con la "Vulnerabilidad de truncado de columna SQL" (SQL column truncation vulnerability). NOTA: el atacante puede descubrir la contraseña aleatoria explotando la vulnerabilidad CVE-2008-4107.

*Credits: Stefan Esser

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-09-08 CVE Published
2008-09-15 CVE Reserved
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-197: Numeric Truncation Error

CAPEC

References (17)

URL	Tag	Source
http://marc.info/?l=oss-security&m=122152830017099&w=2	Mailing List
http://secunia.com/advisories/31737	Third Party Advisory
http://securityreason.com/securityalert/4272	Third Party Advisory
http://securitytracker.com/id?1020869	Vdb Entry
http://www.openwall.com/lists/oss-security/2008/09/11/6	Mailing List
http://www.securityfocus.com/archive/1/496287/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/31068	Vdb Entry
http://www.sektioneins.de/advisories/SE-2008-05.txt	X_refsource_misc
http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities	X_refsource_misc
http://www.vupen.com/english/advisories/2008/2553	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/6397	2024-08-07
https://www.exploit-db.com/exploits/6421	2024-08-07

URL	Date	SRC
http://wordpress.org/development/2008/09/wordpress-262	2018-10-11

URL	Date	SRC
http://secunia.com/advisories/31870	2018-10-11
http://www.debian.org/security/2009/dsa-1871	2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html	2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				<= 2.6.1 Search vendor "Wordpress" for product "Wordpress" and version " <= 2.6.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				0.71-gold Search vendor "Wordpress" for product "Wordpress" and version "0.71-gold"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.0-platinum Search vendor "Wordpress" for product "Wordpress" and version "1.0-platinum"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.0.1-miles Search vendor "Wordpress" for product "Wordpress" and version "1.0.1-miles"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.0.2-blakey Search vendor "Wordpress" for product "Wordpress" and version "1.0.2-blakey"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.2-delta Search vendor "Wordpress" for product "Wordpress" and version "1.2-delta"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.2-mingus Search vendor "Wordpress" for product "Wordpress" and version "1.2-mingus"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.2.1 Search vendor "Wordpress" for product "Wordpress" and version "1.2.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.2.2 Search vendor "Wordpress" for product "Wordpress" and version "1.2.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5-strayhorn Search vendor "Wordpress" for product "Wordpress" and version "1.5-strayhorn"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.1.1 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.1.2 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.1.3 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.2 Search vendor "Wordpress" for product "Wordpress" and version "1.5.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0 Search vendor "Wordpress" for product "Wordpress" and version "2.0"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.1 Search vendor "Wordpress" for product "Wordpress" and version "2.0.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.4 Search vendor "Wordpress" for product "Wordpress" and version "2.0.4"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.5 Search vendor "Wordpress" for product "Wordpress" and version "2.0.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.6 Search vendor "Wordpress" for product "Wordpress" and version "2.0.6"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.7 Search vendor "Wordpress" for product "Wordpress" and version "2.0.7"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.9 Search vendor "Wordpress" for product "Wordpress" and version "2.0.9"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.10 Search vendor "Wordpress" for product "Wordpress" and version "2.0.10"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.11 Search vendor "Wordpress" for product "Wordpress" and version "2.0.11"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1 Search vendor "Wordpress" for product "Wordpress" and version "2.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1.1 Search vendor "Wordpress" for product "Wordpress" and version "2.1.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1.2 Search vendor "Wordpress" for product "Wordpress" and version "2.1.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1.3 Search vendor "Wordpress" for product "Wordpress" and version "2.1.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2 Search vendor "Wordpress" for product "Wordpress" and version "2.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2.1 Search vendor "Wordpress" for product "Wordpress" and version "2.2.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2.2 Search vendor "Wordpress" for product "Wordpress" and version "2.2.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2.3 Search vendor "Wordpress" for product "Wordpress" and version "2.2.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.5 Search vendor "Wordpress" for product "Wordpress" and version "2.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.5.1 Search vendor "Wordpress" for product "Wordpress" and version "2.5.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.6 Search vendor "Wordpress" for product "Wordpress" and version "2.6"		-		Affected