WordPress 2.5 SECRET_KEY and SALT Cracking Vulnerability

SECRET_KEY is the new addition to wordpress Security which is introduced in the WordPress 2.5. SECRET_KEY is used to secure WordPress Cookies. But an attacker can use this Key to intrude the WordPress system. In a recently found vulnerability discovered by xiam and published in Security Focus shows that an attacker can get into the system through this technique.

Vulnerability report mentioned it as Medium severity and It affects only a determinate part of the WordPress users under specific conditions.

WordPress Community has rapidly announced a security fix for the Vulnerbility in their New WordPress 2.5.1 Version which comes with more than 70 Bug Fixes as well. So if you are still using 2.5 you are in a security risk. Upgrade to WordPress 2.5.1 as soon as possible and update your SECRET_KEY.

Comments are closed.