Yet another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites.
The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack's Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the release of LiteSpeed Cache version 6.5.0.1.
Debug feature writes cookies to file
The vulnerability is tied to the plugin's debug logging feature, which, when enabled, logs all HTTP response headers into a file, including the "Set-Cookie" header.
These headers contain the session cookies used to authenticate users, so if an attacker can obtain them, they can impersonate an admin user and take full control of the site.
To exploit the flaw, an attacker has to be able to access the debug log file at '/wp-content/debug.log'. When no file access restrictions (such as .htaccess rules) have been implemented, this is possible by simply requesting the correct URL.
Of course, the attacker will only be able to steal the session cookies of users who logged in to the site while the debug feature was active, but this includes even login events from the past if the logs are kept indefinitely and never wiped periodically.
The plugin's vendor, LiteSpeed Technologies, addressed the issue by moving the debug log to a dedicated folder ('/wp-content/litespeed/debug/'), randomizing log filenames, removing the option to log cookies, and adding a dummy index file for added security.
Users of LiteSpeed Cache are advised to purge all 'debug.log' files from their servers to delete potentially valid session cookies that could be stolen by threat actors.
An .htaccess rule to deny direct access to the log files should also be set, as the randomized names on the new system could still be guessed through multiple attempts/brute-forcing.
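Before purging old debug logs, an administrator may want to know whether they actually contain logged-in sessions and whether any of those sessions could still be valid. The following audit script is an added example, not code from the article or from the LiteSpeed Cache plugin; the sample log lines are constructed and only approximate the plugin's real log format, and the WordPress cookie name prefixes are the standard ones WordPress sets on login.

```python
"""Audit a WordPress debug log for leaked authentication cookies (added example)."""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Prefixes of the cookies WordPress issues on login; wordpress_test_cookie is harmless.
AUTH_COOKIE_PREFIXES = ("wordpress_logged_in_", "wordpress_sec_", "wordpress_")
SET_COOKIE_RE = re.compile(r"Set-Cookie:\s*([^=;\s]+)=([^;]*)(.*)", re.IGNORECASE)


def parse_set_cookie(line):
    """Return (name, value, attributes) for a logged Set-Cookie header, else None."""
    m = SET_COOKIE_RE.search(line)
    if not m:
        return None
    name, value, rest = m.groups()
    attrs = {}
    for part in rest.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val
    return name, value, attrs


def is_auth_cookie(name):
    return name.startswith(AUTH_COOKIE_PREFIXES) and name != "wordpress_test_cookie"


def audit_debug_log(log_text, now=None):
    """List auth cookies found in the log; a cookie with no Expires attribute is a
    browser-session cookie and must be treated as possibly still valid."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parsed = parse_set_cookie(line)
        if parsed is None or not is_auth_cookie(parsed[0]):
            continue
        name, value, attrs = parsed
        exp = attrs.get("expires")
        exp_dt = parsedate_to_datetime(exp) if exp else None
        if exp_dt is not None and exp_dt.tzinfo is None:
            exp_dt = exp_dt.replace(tzinfo=timezone.utc)
        findings.append({"line": lineno, "cookie": name,
                         "possibly_valid": exp_dt is None or exp_dt > now,
                         "value_preview": value[:6] + "..."})  # never log the full value
    return findings


# Constructed sample, not the plugin's exact format; assumes audit runs on 2024-09-06.
SAMPLE_NOW = datetime(2024, 9, 6, tzinfo=timezone.utc)
SAMPLE_LOG = """[06/Sep/2024 09:00:01] Response headers:
Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/
Set-Cookie: wordpress_logged_in_abc123=admin%7C1725000000%7Ctok%7Chash; path=/; HttpOnly
Set-Cookie: wordpress_sec_abc123=admin%7C1725000000%7Ctok%7Chash; path=/wp-admin; secure; expires=Thu, 01 Jan 2020 00:00:00 GMT
Content-Type: text/html; charset=UTF-8
"""
```

Any finding with possibly_valid set is a reason to purge the log and to force those users to log in again, since that is what invalidates the cookie.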
WordPress.org reports that just over 375,000 users downloaded LiteSpeed Cache yesterday, the day v6.5.0.1 was released, so the number of sites remaining vulnerable to these attacks could surpass 5.6 million.
LiteSpeed Cache under fire
The plugin has remained at the epicenter of security research lately because of its massive popularity and because hackers are constantly looking for opportunities to attack websites through it.
In May 2024, hackers were observed targeting an outdated version of the plugin, affected by an unauthenticated cross-site scripting flaw tracked as CVE-2023-40000, to create administrator users and take control of sites.
More recently, on August 21, 2024, a critical unauthenticated privilege escalation vulnerability tracked as CVE-2024-28000 was discovered, with researchers sounding the alarm about how easy it was to exploit.
It only took threat actors a few hours after the disclosure of the flaw before they started attacking websites en masse, with Wordfence reporting that it blocked nearly 50,000 attacks.
Today, two weeks have passed since the initial disclosure, and the same portal reports 340,000 attacks in the past 24 hours.