"If anyone with RNG breaking experience (cough solar designer cough) can PoC it, without the patch I've provided you should be able to trivially predict the password reset token for admin users and take over any WordPress site completely."

Let's translate this statement.

IF
anyone smarter than me (e.g. solardiz) can write Proof of Concept code for the WP RNG
THEN
you should be able to trivially predict the password reset token for admin users and take over any WordPress site completely
UNLESS
you patch the RNG to use a true CSPRNG (/dev/urandom for instance)

Slicing the conditional statement here is intellectually dishonest.

@voodooKobra
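The UNLESS branch above is the defensive point: reset tokens must come from a CSPRNG, not from a seeded, non-cryptographic generator. The following is an added example (my own code, not the paste author's and not WordPress's) of what that looks like in practice: a reset-token flow that draws from the OS CSPRNG via `secrets` (backed by `os.urandom`, i.e. /dev/urandom on Linux), stores only a hash of the token, expires it, compares it in constant time and allows a single use. The `ResetTokenStore` class, `weak_token` helper and the TTL value are assumptions made for the illustration; `weak_token` exists only to show why a seeded Mersenne Twister is unsuitable (same seed, same "token").

```python
import hashlib
import hmac
import random
import secrets
import time

TOKEN_BYTES = 32          # 256 bits from the OS CSPRNG (assumed size for this example)
TOKEN_TTL_SECONDS = 3600  # reset links expire after an hour (assumed policy)


def weak_token(seed: int) -> str:
    """Illustration only: a seeded Mersenne Twister is a deterministic function
    of its seed, so anyone who learns (or guesses) the seed reproduces every
    'token' it emits. This is the failure mode a CSPRNG removes."""
    rng = random.Random(seed)
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    return "".join(rng.choice(alphabet) for _ in range(20))


def generate_reset_token() -> str:
    # secrets.token_urlsafe reads from os.urandom; 32 bytes -> 43 URL-safe chars
    return secrets.token_urlsafe(TOKEN_BYTES)


def token_fingerprint(token: str) -> str:
    # Persist only a hash so a leaked database does not contain live reset tokens
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetTokenStore:
    """Hypothetical in-memory store: user_id -> (sha256 fingerprint, expiry)."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested offline
        self._pending = {}

    def issue(self, user_id: str) -> str:
        token = generate_reset_token()
        self._pending[user_id] = (token_fingerprint(token), self._now() + TOKEN_TTL_SECONDS)
        return token             # only the plaintext token goes into the e-mail link

    def redeem(self, user_id: str, presented: str) -> bool:
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        fingerprint, expiry = entry
        if self._now() > expiry:
            del self._pending[user_id]
            return False
        # Constant-time comparison of the hashes avoids a timing side channel
        ok = hmac.compare_digest(fingerprint, token_fingerprint(presented))
        if ok:
            del self._pending[user_id]  # single use: a replayed link must fail
        return ok


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("admin")
    print("reproducible weak token :", weak_token(1234) == weak_token(1234))
    print("CSPRNG tokens differ    :", generate_reset_token() != generate_reset_token())
    print("redeem once             :", store.redeem("admin", link_token))
    print("redeem again (replay)   :", store.redeem("admin", link_token))
```

The design choice worth noting is that unpredictability comes entirely from `secrets`; hashing, expiry and single use limit the blast radius if a token is later exposed, but none of them rescue a token that was predictable at generation time.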