Tag Archives: LiteSpeedCache

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress

Leave a reply

August episode of “In The Trend of VM”: 5 vulnerabilities in Microsoft Windows and one in WordPress. We have branched off from Seclab news videos and started releasing separate episodes. Hooray! 🥳😎 If we get enough views, we will continue to release them in the future. It’s up to you, please follow the link to the video platform and click “Like” button and/or leave a comment. 🥺

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:48 Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077)
🔻 02:22 Security Feature Bypass – Windows Mark of the Web “Copy2Pwn” (CVE-2024-38213)
🔻 03:23 Elevation of Privilege – Windows Ancillary Function Driver for WinSock (CVE-2024-38193), Windows Kernel (CVE-2024-38106), Windows Power Dependency Coordinator (CVE-2024-38107)
🔻 04:50 Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

English voice over was generated by my open source utility subtivo (subtitles to voice over)

06:39 Check out the final jingle I generated using AI services 😉 (ToolBaz for lyrics and Suno for music)

На русском

A couple of interesting details about Unauthenticated Elevation of Privilege – WordPress LiteSpeed ​​Cache Plugin (CVE-2024-28000)

Leave a reply

A couple of interesting details about Unauthenticated Elevation of Privilege - WordPress LiteSpeed ​​Cache Plugin (CVE-2024-28000)

A couple of interesting details about Unauthenticated Elevation of Privilege – WordPress LiteSpeed ​​Cache Plugin (CVE-2024-28000).

🔹 The vulnerability was found by researcher John Blackbourn. He submitted it through the bug bounty program and received $14,400. 👏

🔹 The vulnerability cannot be exploited on Windows installations, because the function that is needed to generate the hash does not work on Windows. This is what researchers write in the write-up. However, they do not write how this plugin works on Windows installations and whether it works at all. 🤔 But if the plugin works and the vulnerability cannot be exploited, then it turns out that sometimes it is not such a strange idea to use Windows instead of Linux as a hosting OS for websites. 🙃

На русском

Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

Leave a reply

Unauthenticated Elevation of Privilege - WordPress LiteSpeed Cache Plugin (CVE-2024-28000)

Unauthenticated Elevation of Privilege – WordPress LiteSpeed Cache Plugin (CVE-2024-28000).

🔹 WordPress is a popular open source CMS (835 million websites) that supports third-party plugins.

🔹 LiteSpeed Cache is one such plugin. It increases the loading speed of website pages by caching them. The free version is used on 5 million websites.

On August 13, a critical vulnerability of this plugin was released. A remote unauthenticated attacker can obtain administrator rights. 😱 According to the write-up, the attacker brute-forces the hash used for authentication. This hash is generated insecurely, so there are only a million of its possible values. If you make 3 requests to the website per second, then brute-force and obtaining admin rights takes from several hours to a week.

👾 The PoC is available on GitHub and attackers are already actively exploiting the vulnerability.

Update to version 6.4.1 and higher.

На русском