Vigil@nce - WordPress: denial of service via class-phpass.php
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can change the hash complexity of class-phpass.php of
WordPress, in order to trigger a denial of service.
– Impacted products: WordPress Core
– Severity: 2/4
– Creation date: 11/06/2013
DESCRIPTION OF THE VULNERABILITY
WordPress uses its own algorithm to hash user’s passwords. It is
implemented in the class-phpass.php file.
A hashed password has for example the following format:
"$P$Cpaddding". The fourth character (’C’) indicates the algorithm
complexity, which is the number of iterations of the hashing loop.
However, the limit is too high. For example, the character ’S’
forces a loop of one billion iterations.
An attacker can therefore change the hash complexity of
class-phpass.php of WordPress, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-denial-of-service-via-class-phpass-php-12936