WordPress 2.6.2 Released, Mandatory Update
By Keith Dsouza on September 8th, 2008

The WordPress team has released a new update to the 2.6 branch that addresses issues affecting blogs that have public registration open.

If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

This looks serious enough to warrant upgrading your WordPress right away. The exploit is not yet known, and you are advised to upgrade before the finder of the exploit makes the findings known to the general public.

We have already updated to the latest version, since we have public registration open, using WPAU. If you want to upgrade WordPress easily, try this Google search and you will find what we are talking about.

Download WordPress 2.6.2

Author: Keith Dsouza