HlidacStatu / Hlidac-Statu

Kompletní zdrojový kód pro web hlidacstatu.cz. Pomozte nám rozvíjet a vylepšovat jeden z největších a nejdůležitějších serverů pro transparentnost státu v ČR.
https://www.hlidacstatu.cz
GNU Affero General Public License v3.0
25 stars 7 forks source link

wp - issue #328

Open lenka-crypto opened 8 months ago

lenka-crypto commented 8 months ago

citace z e-mailu na podporu (freshdesk # 16658):

I found a security issue in your system.

Vulnerability Type: wp-user-enum Severity: [low] URL: https://texty.hlidacstatu.cz/wp-json/wp/v2/users/

Info: name: WordPress REST API User Enumeration author: Manas_Harsh,daffainfo,geeknik,dr0pd34d severity: low description: | The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. impact: | An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering. remediation: | Install a WordPress plugin such as Stop User Enumeration. Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user names.

lenka-crypto commented 6 months ago

další via freshdesk # 16727