WordPress Sensitive Data Exposure vulnerabilities (6)
-
Time-Based-Side-Channel-Attack on secrets – (Two-Factor <= 0.7.1)
The plugin uses string comparison operators that don’t mitigate time-based attacks in almost all places where secret keys are compared to user input. A skilled attacker, given enough requests, can abuse this to reverse secrets using time-based-side-channel attacks.
-
Exposure of secrets through insecure HTTP cookies – (SiteGround Security <= 1.3.0)
The plugin uses HTTP cookies to store secret information. However, by using PHP’s “setcookie” function incorrectly, the plugin allows an attacker to read these cookies with JavaScript (XSS) or steal them over insecure HTTP connections (Man-in-the-middle-attack).
-
Time-based-side-channel-attacks on secrets – (SiteGround Security <= 1.3.0)
The plugin uses string comparison operators that don’t mitigate time-based attacks in several places where secrets are compared to user input. A skilled attacker, given enough requests, can abuse this to reverse secrets using time-based-side-channel attacks.
-
Exposure of encryption secrets in world-readable .txt file (WP 2FA <= 2.3.0)
The plugin will, under certain conditions, log all users’ 2FA secrets to a world-readable .txt file in the “wp-uploads” directory.
-
Time-Based-Side-Channel-Attack on secrets – WP 2FA <= 2.3.0
The plugin uses string comparison operators that don’t mitigate time-based attacks in almost all places where secret keys are compared to user input. A skilled attacker, given enough requests can abuse this to reverse secrets using time-based-side-channel attacks.
-
Time-Based-Side-Channel-Attack on backup codes – Two Factor Authentication (Updraft) <= 1.14.5
The plugin uses string comparison operators that don’t mitigate time-based-side-channel-attacks, which could be abused to reverse engeneer information about a user’s emegerncy backup cods.