WordPress Insufficient Cryptography vulnerabilities (10)
-
Encryption key is stored in version control – (WPMU Defender – 3.3.2)
Affected plugin: WPMU Defender
Active installs: 70,000+
Vulnerable version: 3.3.2
Audited version: 3.3.2
Fully patched version: 3.3.3
Recommended remediation: Immediately update to version 3.3.3 or higher and reset all TOTP secrets.
Description: The plugin uses symmetric encryption before storing users’ TOTP secrets in the database. However, the encryption key is stored in version control and […]
-
Compromise of 2FA secrets and backup codes through read-only SQLi – (WordFence <= 7.6.2)
The plugin stores users’ emergency backup codes and TOTP secrets as plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.
-
Compromise of 2FA secrets through read-only SQLi – (Shield Security <= 16.1.6)
The plugin stores users’ emergency backup codes and TOTP secrets as plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.
-
Compromise of 2FA secrets and backup codes through read-only SQLi – (WordFence Login Security <= 1.0.11)
The plugin stores users’ emergency backup codes and TOTP secrets as plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.
-
Broken encryption allows 2FA bypass – (All in One WP Security <= 5.0.7)
The plugin employs a broken encryption scheme that allows an attacker to permanently bypass all 2FA checks under the condition that the target website was vulnerable at any point in time to one of the never-ending read-only SQL-Injections in any plugin, theme, or WordPress core.
-
Compromise of 2FA secrets and emergency codes through read-only SQLi – (WPMU Defender <= 3.3.0)
Affected plugin: WPMU Defender
Active installs: 70,000+
Vulnerable version: <= 3.3.0
Audited version: 3.2.0
Fully patched version: –
Recommended remediation: Removal of the plugin
Description: The plugin stores users’ emergency backup codes and TOTP secrets as plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to […]
-
Compromise of 2FA secrets through read-only SQLi – (iThemes Security <= 8.1.2)
Affected plugin: iThemes Security
Active installs: 1+ million
Vulnerable version: <= 8.1.2
Audited version: 8.1.2
Fully patched version: –
Recommended remediation: Removal of the plugin
Description: The plugin stores users’ TOTP secrets in plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all […]
-
Compromise of 2FA secrets and backup codes possible through read-only SQLi – (miniOrange <= 5.5.82)
The plugin stores users’ emergency backup codes as plain text in the database. Furthermore, users’ TOTP secret keys are encrypted but the encryption keys are stored in the same database as the encrypted ciphertexts. An attacker that is able to obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.
-
Insecure Randomness for encryption keys – (miniOrange <= 5.5.82)
The plugin uses a non-randomly-generated, eight-character string as OpenSSL encryption keys.
-
Compromise of 2FA secrets codes possible through read-only SQLi – (Google Authenticator-Factor <= 0.54)
The plugin stores users’ TOTP secret keys as plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.