WordPress Insufficient Cryptography vulnerabilities (6)
-
Compromise of 2FA secrets through read-only SQLi – (iThemes Security <= 8.1.2)
Affected plugin: iThemes Security
Active installs: 1+ million
Vulnerable version: <= 8.1.2
Audited version: 8.1.2
Fully patched version: –
Recommended remediation: Removal of the plugin
Description: The plugin stores users’ TOTP secrets in plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all…
-
Compromise of 2FA secrets and backup codes possible through read-only SQLi – (miniOrange <= 5.5.82)
The plugin stores users’ emergency backup codes as plain text in the database. Furthermore, users’ TOTP secret keys are encrypted but the encryption keys are stored in the same database as the encrypted ciphertexts. An attacker that is able to obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA…
-
Insecure Randomness for encryption keys – (miniOrange <= 5.5.82)
The plugin uses a non-randomly-generated, eight-character string as OpenSSL encryption keys.
-
Compromise of 2FA secrets codes possible through read-only SQLi – (Google Authenticator-Factor <= 0.54)
The plugin stores users’ TOTP secret keys as plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.
-
Compromise of 2FA secrets codes possible in combination with SQLi – (Two-Factor <= 0.7.2)
The plugin stores users’ TOTP secret keys and emergency backup codes as plain text in the database. An attacker that is able to obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.
-
Compromise of 2FA secrets and backup codes possible in combination with SQLi – (SiteGround Security <= 1.3.0)
The plugin stores users’ TOTP secret keys and emergency backup codes as plain text in the database. An attacker that is able to obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all 2FA checks for all users indefinitely.