WordPress RSS/Atom Feed Password Protected Entry Disclosure

2005-03-06T02:53:57
ID OSVDB:16436
Type osvdb
Reporter Romain Dardour (info@mindblaze.net)
Modified 2005-03-06T02:53:57

Description

Vulnerability Description

WordPress contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a password-protected post is created with included files: the RSS 2.0 or Atom feed outputs them even if no password has been entered, disclosing potentially sensitive information and resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.wordpress.org/
Vendor Specific News/Changelog Entry: http://mosquito.wordpress.org/view.php?id=1078
Vendor Specific News/Changelog Entry: http://mosquito.wordpress.org/view.php?id=1040
Other Advisory URL: http://www.mindblaze.net/articles/information-technology/security-breach-in-wordpress-15-rss-feeds-enclosures/