WordPress iThemes Security (Better WP Security) Insecure Backup/Logfile Generation (access rights)
==================================================================================================

Description
===========

A vulnerability has been found in the iThemes Security backup function that may allow attackers to gain access to backup/log files.

By default, when using the "database backup on filesystem" feature, iThemes Security saves the backup files in a world-readable directory:

    wp-content/uploads/ithemes-security/backups

The .htaccess file is generated during the plugin's initial setup/update, only if the wp-content/uploads/ithemes-security/backups directory (or wp-content/uploads/ithemes-security/logs) exists. Note that it does *NOT* exist by default.

When running a backup, the ITSEC_Backup class creates the directory but *without* any .htaccess file inside. The same thing happens with log saving.

If the webserver has directory listing enabled, then anybody can download the complete database backup or view the log files.

**Access Vector**: remote
**Security Risk**: high
**Vulnerability**: CWE-219
**CVSS Base Score**: 7.5
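
A site owner can check for the condition described above with a short audit. This is an added example, not part of the advisory or of the plugin's code. It takes the WordPress root as its argument, and the deny-all file it writes is an assumption (a generic Apache rule), not the content iThemes Security itself generates.

```shell
#!/bin/sh
# Added example: audit the iThemes Security backup/log directories named in
# the advisory for a missing .htaccess, and optionally add a deny-all file.

# Paths relative to the WordPress root, as given in the advisory.
ITSEC_DIRS="wp-content/uploads/ithemes-security/backups wp-content/uploads/ithemes-security/logs"

# Print every directory that exists but has no (non-empty) .htaccess.
itsec_unprotected() {
    wp_root=$1
    for rel in $ITSEC_DIRS; do
        dir="$wp_root/$rel"
        # A directory that does not exist yet is created on the first
        # backup or log write, so re-run the audit after that happens.
        [ -d "$dir" ] || continue
        [ -s "$dir/.htaccess" ] || printf '%s\n' "$dir"
    done
}

# Write a deny-all .htaccess into each unprotected directory.
# Assumption: generic Apache 2.4 / 2.2 rules, not the plugin's own file.
itsec_protect() {
    itsec_unprotected "$1" | while IFS= read -r dir; do
        cat > "$dir/.htaccess" <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
EOF
        chmod 644 "$dir/.htaccess"
        printf 'protected %s\n' "$dir"
    done
}

# Stand-alone use: ./audit.sh /path/to/wordpress   (report only)
if [ -n "${1:-}" ]; then
    itsec_unprotected "$1"
fi
```

A .htaccess file only takes effect on Apache with AllowOverride enabled for that path; on other web servers the equivalent deny rule has to go in the server configuration.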
Source: Gmail -> IFTTT-> Blogger