Home » WordPress Tips and Tricks

WordPress 2.6.2 Released, Mandatory Update

by | Monday, 08th Sep 2008 | 2 Comments | Share

WordPress team has released a new update to the 2.6 branch which addresses issues when your blog has public registrations open.

If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

This definitely looks a problem good enough to upgrade your WordPress right away, The exploit is not yet known and it is advised that you upgrade before the finder of the exploit makes the findings known to general public.

We have already updated to the latest version, since we have public registration open using WPAU, if you want to upgrade to WordPress easily, try this Google search and you will find what we are talking about

Download WordPress 2.6.2

After Reading This Post Other People Went on to Read: »

Author:

I am the editor-in-chief and owner of Techie Buzz. I love coding and have contributed to several open source projects in the past. You can know more about me and my projects by visiting my Personal Website.I am also a social networking enthusiast and can be found active on twitter, you can follow Keith on twitter @keithdsouza. You can click on my name to visit my Google+ profile.

Keith Dsouza has written

The author of this post can be contacted at keith@techie-buzz.com

Comment Using Facebook

2 Responses to this Article | Share your Opinions/Comments

We moderate comments to prevent spam. Moderation is done within few hours. Please try and stay on topic and refrain from using abusive language. If you think there is a problem with this post, please email the post author or send us an email at tips@techie-buzz.com with the URL and the problem you see and we will rectify it as soon as we can.

  1. Ann Arbor Web Design on September 9th, 2008 at 11:45 am #

    Thanks for that timely reminder about wordpress’s 2.6.2 update I keep meaning to get around to it.