WordPress 2.6.2 Released, Mandatory Update

by Keith Dsouza
Monday, 08th Sep 2008

The WordPress team has released a new update to the 2.6 branch that addresses issues affecting blogs with public registration open.

If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
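The mt_rand() point above, as an added example that is not from the original post or from WordPress core: a password built from mt_rand() is fully determined by the generator's seed, while random_int() (PHP 7.0+) draws from the operating system's CSPRNG. The function names and the seed value are assumptions made up for this illustration.

```php
<?php
// Added illustration; not WordPress core code. All function names are hypothetical.

// Build a password by asking $pick(min, max) for each character index.
function build_password(callable $pick, int $length): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $alphabet[$pick(0, strlen($alphabet) - 1)];
    }
    return $password;
}

// Weak pattern: every character comes from mt_rand(), so the whole password
// is a pure function of the seed. The seed is passed in explicitly here to
// make that dependency visible.
function weak_reset_password(int $seed, int $length = 12): string
{
    mt_srand($seed);
    return build_password('mt_rand', $length);
}

// Hardened pattern: random_int() uses the operating system CSPRNG, so there
// is no application-level seed whose value determines the password.
function strong_reset_password(int $length = 12): string
{
    return build_password('random_int', $length);
}

$seed = 20080908; // constructed sample value, not taken from any real system

// Two independent "resets" with the same seed produce the same password.
$first  = weak_reset_password($seed);
$second = weak_reset_password($seed);
echo "weak, run 1:   $first\n";
echo "weak, run 2:   $second\n";
echo 'weak runs identical: ', var_export($first === $second, true), "\n";

// The CSPRNG-backed version has no seed to repeat.
echo 'strong, run 1: ', strong_reset_password(), "\n";
echo 'strong, run 2: ', strong_reset_password(), "\n";
```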

This definitely looks like a problem serious enough to upgrade your WordPress right away. The exploit is not yet known, and it is advised that you upgrade before the finder of the exploit makes the findings known to the general public.

Since we have public registration open, we have already updated to the latest version using WPAU. If you want to upgrade WordPress easily, try this Google search and you will find what we are talking about.

Download WordPress 2.6.2




2 Responses so far

  1. Ann Arbor Web Design
    September 9th, 2008 at 11:45 am #

    Thanks for that timely reminder about WordPress’s 2.6.2 update. I keep meaning to get around to it.


