Home > Vulnerability Database > CVE-2014-6412

Mend.io Vulnerability Database

CVE-2014-6412

Good to know:

Date: April 12, 2018

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

Language: PHP

Severity Score

8.1

Related Resources (9)

Url: https://core.trac.wordpress.org/ticket/28633

Url: http://www.securitytracker.com/id/1031749

Url: http://seclists.org/fulldisclosure/2015/Feb/53

Url: http://seclists.org/fulldisclosure/2015/Feb/42

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1192474

Url: http://packetstormsecurity.com/files/130380/WordPress-Failed-Randomness.html

Url: http://www.securityfocus.com/bid/72589

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-6412

Url: https://www.mend.io/vulnerability-database/CVE-2014-6412

Severity Score

8.1

Weakness Type (CWE)

Weak Password Recovery Mechanism for Forgotten Password

CWE-640

Top Fix

Upgrade Version

Upgrade to version johnpbloch/wordpress-core - 3.5.1;johnpbloch/wordpress-core - 2.8.1;johnpbloch/wordpress-core - 3.8.33;johnpbloch/wordpress-core - 2.9.1;johnpbloch/wordpress-core - 3.7.36;johnpbloch/wordpress-core - 3.0.1;johnpbloch/wordpress-core - 3.7.33;johnpbloch/wordpress-core - 3.8.0;johnpbloch/wordpress-core - 3.9.34;johnpbloch/wordpress-core - 3.6.1;johnpbloch/wordpress-core - 3.4.1;johnpbloch/wordpress-core - 2.2.1;johnpbloch/wordpress-core - 3.9.0;johnpbloch/wordpress-core - 3.8.36;johnpbloch/wordpress-core - 3.9.31;johnpbloch/wordpress-core - 2.3.1;johnpbloch/wordpress-core - 4.0.0;johnpbloch/wordpress-core - 2.6.1;johnpbloch/wordpress-core - 3.2.1;johnpbloch/wordpress-core - 3.8.1;johnpbloch/wordpress-core - 3.3.1;johnpbloch/wordpress-core - 2.5.1;johnpbloch/wordpress-core - 3.7.1;johnpbloch/wordpress-core - 2.7.1;johnpbloch/wordpress-core - 3.1.1;johnpbloch/wordpress-core - 1.5.1;johnpbloch/wordpress-core - 3.9.1;medreleaf/wordpress - 4.0.x-dev;designsecurity/progpilot - dev-master;designsecurity/progpilot - no_fix;designsecurity/progpilot - dev-update_doc_grumphp;designsecurity/progpilot - v0.1.0;wp-extended/wordpress - 3.6.1;wp-extended/wordpress - 3.3.1;wp-extended/wordpress - 2.1.1;wp-extended/wordpress - 2.7.1;wp-extended/wordpress - 3.9.1;wp-extended/wordpress - 2.8.1;wp-extended/wordpress - 3.2.1;wp-extended/wordpress - 2.5.1;wp-extended/wordpress - 3.7.1;wp-extended/wordpress - 2.3.1;wp-extended/wordpress - 3.4.1;wp-extended/wordpress - 1.5.1;wp-extended/wordpress - 3.5.1;wp-extended/wordpress - 3.1.1;wp-extended/wordpress - 2.6.1;wp-extended/wordpress - 2.9.1;wp-extended/wordpress - 2.2.1;wp-extended/wordpress - 3.8.1;wp-extended/wordpress - 3.0.1;wp-extended/wordpress - 2.0.1;kanopi/wordpress-core - 1.5.2;kanopi/wordpress-core - 3.7.10;kanopi/wordpress-core - 3.8;kanopi/wordpress-core - 4.0.1;kanopi/wordpress-core - 3.2;kanopi/wordpress-core - 3.7.3;kanopi/wordpress-core - 3.7.28;kanopi/wordpress-core - 3.7.26;kanopi/wordpress-core - 2.2;kanopi/wordpress-core - 2.0.10;kanopi/wordpress-core - 3.7.33;kanopi/wordpress-core - 2.8.1;kanopi/wordpress-core - 1.5.1.1;humanit-se/wordpress-sv - v4.0.1;blair2004/themosis - 0.9.1;mvpdesign/themosis - 0.9.1;roots/wordpress - 4.0.1;yott/wordpress - 4.0.1;mindgruve/wordpress - 4.0.1;mindgruve/wordpress - 2.8.3;dotcra/wprdpress - 4.0.1;roots/wordpress-full - 3.8.38;roots/wordpress-full - 4.0.35;roots/wordpress-full - 3.9.36;jesseberkhof/wordpress-fork - 4.0.1;my-oos/my-oos - v2.0.29;roots/wordpress-no-content - 4.0.35;roots/wordpress-no-content - 3.9.36;roots/wordpress-no-content - 3.8.38;cyruscollier/wordpress-develop - 4.0.1;acosf/archersys - v2.5-alpha;acosf/archersys - 2.0.0;pantheon-systems/wordpress-composer - 4.x-dev;openify/wordpress-composer - no_fix;webfatorial/wordpress - 4.0.1;zynfly/themosis - 0.9.1;inpsyde/wordpress-dev - 4.0.x-dev;wplib/wordpress - 4.0.1;gladeye/themosis - 0.9.1;kinsta/kinsta-mu-plugins - 4.x-dev;radialfunction/unicourt-blog - 4.0.1;themosis/themosis - 0.9.1;digitalmeat/themosis - 0.9.1;ixa/wordpress-core - 4.0;vocativ/wordpress - 4.0.x-dev

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-6412

Good to know:

Date: April 12, 2018

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?