This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The Wordpress development team reports :
With open registration enabled, it is possible in WordPress versions
2.6.1 and earlier to craft a username such that it will allow
resetting another users password to a randomly generated password. The
randomly generated password is not disclosed to the attacker, so this
problem by itself is annoying but not a security exploit. However,
this attack coupled with a weakness in the random number seeding in
mt_rand() could be used to predict the randomly generated password.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.4
Public Exploit Available : true
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 34152 (freebsd_pkg_884fced77f1c11dda66a0019666436c2.nasl)
Bugtraq ID: 31068
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now