WordPress XML-RPC authentication brute force

Description

XML-RPC (implemented in WordPress by the xmlrpc.php file) enables WordPress to connect to other systems.

It is a standardised form of communication that uses HTTP as the transport mechanism and XML as the encoding mechanism.

Business Impact

The attacker sends a large number of requests to the website, each carrying a different username and password combination. This is a brute-force attack that could eventually "hit" one of the correct pairs and give the attacker unauthorized access to your site.

Recommendation

To prevent this vulnerability from being exploited in the future, download a plugin called Disable XML-RPC; another option is to add the following line to xmlrpc.php: add_filter('xmlrpc_enabled', '__return_false');

More Details

A brute force attack is a widespread cracking method.
Some attackers use applications and scripts as brute force tools. These tools try out numerous password combinations to bypass authentication processes.

Attackers use this method to "guess" passwords, discover hidden URLs, or expose encrypted or hashed passwords. Brute force attacks are relatively unsophisticated but can yield a significant gain.
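As a defender-side complement to the recommendation above, here is an added example (not from the original page) that scans web-server access logs and flags source addresses sending bursts of POST requests to xmlrpc.php, the traffic pattern the brute-force attack described above produces. It assumes the Apache/Nginx combined log format; the log lines it scans are constructed samples.

```python
"""Flag XML-RPC brute-force bursts in web-server access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip - user [time] "METHOD path HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop any query string
        "status": int(m["status"]),
    }

def find_xmlrpc_bursts(lines, threshold=20, window=timedelta(minutes=1)):
    """Return {ip: total POSTs} for sources that POST to xmlrpc.php more than
    `threshold` times inside any sliding `window`; GETs are not login attempts."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].endswith("/xmlrpc.php"):
            per_ip[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged[ip] = len(times)
                break
    return flagged

def _mk(ip, second, method="POST"):
    # Constructed sample line (RFC 5737 documentation addresses, fixed date).
    return (f'{ip} - - [10/Mar/2024:12:00:{second:02d} +0000] '
            f'"{method} /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"')

SAMPLE_LOG = (
    [_mk("203.0.113.9", s) for s in range(30)]            # 30 POSTs in 30 s: brute-force pattern
    + [_mk("198.51.100.4", 5), _mk("198.51.100.4", 50)]   # two calls from a legitimate client
    + [_mk("192.0.2.7", 12, "GET")]                       # a GET, not a login attempt
)

if __name__ == "__main__":
    for ip, n in find_xmlrpc_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {n} POSTs to xmlrpc.php -> possible brute force")
```

Feed it real log lines (for example `find_xmlrpc_bursts(open("access.log"))`) and tune `threshold` and `window` to the normal XML-RPC traffic of your site, or to zero if you have disabled XML-RPC entirely and any POST is suspicious.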
