Upgrade Your WordPress
There is a security vulnerability in WordPress blogs that could allow an attacker to reset other users’ passwords.
From the WPBlog here:
If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
So keep that blog updated, y’all!
Thankfully I have been so busy and/or without internet that I’m still at 2.5.1!
(Backing up now so I can upgrade. Thanks. 🙂 )