Security researcher Krzysztof Katowicz-Kowalewski has discovered a critical denial-of-service (DoS) vulnerability in the latest version of WordPress (3.5.1).
According to the Secunia advisory, the flaw is "caused due to an error when calculating the hash cycle count within the 'crypt_private()' method in /wp-includes/class-phpass.php".
By sending a specially crafted password cookie, an attacker can force the server into an expensive hashing computation and deny service to the site. The attack is limited to sites that have at least one password-protected post, and the attacker must know the URL of that post.
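To make the hash-cycle-count issue concrete, the following is an added Python transcription of the phpass portable ("$P$") hashing scheme that class-phpass.php implements. It is not code from this page, from WordPress or from phpass itself; the `max_log2` cap, the helper names and the sample salt and passwords are my own additions, and the assumption that the cookie value is passed to `crypt_private()` as the "stored hash" setting string (which is what phpass' CheckPassword does with the hash it is given) is my reading of the advisory. The point it shows: the fourth character of the hash string is an index into phpass' alphabet whose value is log2 of the number of MD5 rounds, and upstream phpass accepts indexes up to 30, so a hash string the attacker controls can request 2^30 MD5 rounds per request, while a lower cap rejects such a string before any work is done.

```python
import hashlib
import hmac

# phpass' base-64 alphabet. For "$P$" hashes the 4th character of the hash
# string is an index into this string, and that index is log2 of the MD5
# round count. WordPress' own hashes use "$P$B" (index 13 -> 8192 rounds).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def encode64(data: bytes) -> str:
    """phpass encode64(): 3 bytes -> 4 chars, little-endian 6-bit groups."""
    out = []
    i, n = 0, len(data)
    while i < n:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < n:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= n:
            break
        i += 1
        if i < n:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= n:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)


def iterations_requested(setting: str) -> int:
    """MD5 rounds a '$P$' setting string asks for. When the string comes from
    an attacker-supplied cookie, this number is attacker-chosen."""
    return 1 << ITOA64.index(setting[3])


def crypt_private(password: str, setting: str, max_log2: int = 30) -> str:
    """Transcription of phpass crypt_private(). max_log2 is an added cap;
    upstream phpass hard-codes the upper bound at 30 (2^30 rounds)."""
    output = "*1" if setting.startswith("*0") else "*0"   # phpass failure marker
    if len(setting) < 12 or setting[:3] not in ("$P$", "$H$"):
        return output
    count_log2 = ITOA64.find(setting[3])
    if count_log2 < 7 or count_log2 > max_log2:
        return output                       # rejected before any hashing
    count = 1 << count_log2
    salt = setting[4:12].encode()
    if len(salt) != 8:
        return output
    pw = password.encode()
    h = hashlib.md5(salt + pw).digest()
    for _ in range(count):                  # phpass: do {...} while (--$count)
        h = hashlib.md5(h + pw).digest()
    return setting[:12] + encode64(h)


def hash_password(password: str, salt: str, count_log2: int) -> str:
    """Build a '$P$' hash the way phpass does, with a caller-chosen 8-char salt
    (phpass generates the salt randomly; fixed here so the example is
    deterministic)."""
    if len(salt) != 8:
        raise ValueError("phpass salts are exactly 8 characters")
    return crypt_private(password, "$P$" + ITOA64[count_log2] + salt)


def check_password(password: str, stored_hash: str, max_log2: int = 30) -> bool:
    """phpass CheckPassword(), minus its fallback to the system crypt()."""
    computed = crypt_private(password, stored_hash, max_log2)
    return hmac.compare_digest(computed.encode(), stored_hash.encode())


if __name__ == "__main__":
    # Constructed sample data, not values from the advisory.
    good = hash_password("correct horse", "saltsalt", 9)   # 2^9 = 512 rounds
    crafted = "$P$S" + "saltsalt" + "x" * 22               # 'S' = index 30
    print("legit hash needs", iterations_requested(good), "rounds")
    print("crafted hash asks for", iterations_requested(crafted), "rounds")
    print("crafted hash with cap 20 ->", crypt_private("x", crafted, max_log2=20))
```

Running the block prints 512 rounds for the legitimate hash, 1073741824 for the crafted one, and `*0` when the cap is lowered to 20, which is the shape of mitigation to reach for: a server should never let an untrusted string decide how much work it does.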
Secunia has confirmed the vulnerability in the latest version, 3.5.1. Earlier versions may also be affected.
The researcher reported the flaw to the WordPress security team but, having received no response, decided to disclose the bug publicly.