ID CVE-2017-14990
Summary WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
References
Vulnerable Configurations
  • cpe:2.3:a:wordpress:wordpress:4.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:4.8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-312
CAPEC
  • Retrieve Embedded Sensitive Data
    An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
debian DSA-3997
misc https://core.trac.wordpress.org/ticket/38474
sectrack 1039554
Last major update 03-10-2019 - 00:03
Published 03-10-2017 - 01:29
Last modified 03-10-2019 - 00:03
Back to Top