BID:53280

WordPress Anti-CSRF Token Security Bypass Weakness

Info

WordPress Anti-CSRF Token Security Bypass Weakness

Bugtraq ID:	53280
Class:	Design Error
CVE:	CVE-2012-1936
Remote:	Yes
Local:	No
Published:	Apr 27 2012 12:00AM
Updated:	Apr 27 2012 12:00AM
Credit:	Ivano Binetti
Vulnerable:	WordPress WordPress 3.1.4 WordPress WordPress 3.1.3 WordPress WordPress 3.1.2 WordPress WordPress 3.1.1 WordPress WordPress 3.0.5 WordPress WordPress 3.0.4 WordPress WordPress 3.0.3 WordPress WordPress 3.0.2 WordPress WordPress 2.9.2 WordPress WordPress 2.9.1 WordPress WordPress 2.8.6 WordPress WordPress 2.8.5 WordPress WordPress 2.8.4 WordPress WordPress 2.8.3 WordPress WordPress 2.8.2 WordPress WordPress 2.8.1 WordPress WordPress 3.3.1 WordPress WordPress 3.3 WordPress WordPress 3.1.3 WordPress WordPress 3.1 WordPress WordPress 3.0.6 WordPress WordPress 3.0.4 WordPress WordPress 3.0.3 WordPress WordPress 3.0.2 WordPress WordPress 3.0.1 WordPress WordPress 3.0 WordPress WordPress 2.9.1.1 WordPress WordPress 2.9 WordPress WordPress 2.8.5.2 WordPress WordPress 2.8.5.1 WordPress WordPress 2.8

Not Vulnerable:

Discussion

WordPress Anti-CSRF Token Security Bypass Weakness

WordPress is prone to a security-bypass weakness because of a design error in the implementation anti-CSRF token security feature.

An attacker may exploit this issue to bypass anti-CSRF token security protections and perform cross-site request forgery attacks to perform unauthorized actions in the context of a victim's session. This may aid in other attacks.

Note: To exploit this issue, an attacker must need to know the anti-CSRF token of the victim within 12 hours by means of other attacks.

WordPress versions 3.3.1 and prior are vulnerable; other versions may also affected.

Exploit / POC

WordPress Anti-CSRF Token Security Bypass Weakness

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Solution / Fix

WordPress Anti-CSRF Token Security Bypass Weakness

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

References

WordPress Anti-CSRF Token Security Bypass Weakness

References:

WordPress 3.3.1 Multiple CSRF Vulnerabilities (Ivano Binetti)
Wordpress Homepage (Wordpress)