Security vulnerabilities in iThemes (3)


  • Time-Based-Side-Channel-Attack on 2FA secrets – (iThemes Security <= 8.1.2)

    Affected plugin: iThemes Security
    Active installs: 1+ million
    Vulnerable version: <= 8.1.2
    Audited version: 8.1.2
    Fully patched version: –
    Recommended remediation: Removal of the plugin
    Description: The plugin uses string comparison operators that don’t mitigate time-based attacks in almost all places where secret keys are compared to user input. A skilled attacker, given enough requests, can…

  • Compromise of 2FA secrets through read-only SQLi – (iThemes Security <= 8.1.2)

    Affected plugin: iThemes Security
    Active installs: 1+ million
    Vulnerable version: <= 8.1.2
    Audited version: 8.1.2
    Fully patched version: –
    Recommended remediation: Removal of the plugin
    Description: The plugin stores users’ TOTP secrets in plaintext in the database. An attacker that can obtain one of the seemingly never-ending read-only SQL-Injections will be able to bypass all…

  • DOS through IP spoofing – (iThemes Security <= 8.1.2)

    The plugin is wide open to IP spoofing, which an attacker can exploit to ban search-engine crawlers, the site’s reverse proxy, or legitimate users.