Request a Demo

WordPress XML-RPC authentication brute force

Description

During the scan, Kayran managed to find a Vulnerable XML-RPC file. XML-RPC is a file that enables WordPress to connect to other systems. Being done by a high standard of communication using HTTP as a transport mechanism and XML as the encoding mechanism.

The attacker sends high amount of requests to the website holding different usernames and passwords, that way, attackers performs a brute-force attack that could eventually, “hit” one of the correct ones and will allow them unauthorized access to your site.

A brute force attack is a widespread cracking method.Some attackers use applications and scripts as tools to perform these types of attacks. These tools try out numerous password combinations to bypass authentication processes. Attackers use this method to “guess” passwords, discover hidden URLs and expose encrypted or hashed passwords. Brute Force attacks are relatively unsophisticated but their chances of success are high.

Severity/Score

CVSS Version 3.x – 5.8 Medium

Recommendation

To prevent this vulnerability, you should download a plugin called “Disable XML-RPC plugin”.
Another option will be to add the following line to xmlrpc.php –
add_filter (‘xmlrpc_enabled’, ‘__return_false’);

References

https://wordpress.org/support/article/updating-wordpress/

< Return to all Vulnerabilities

Request a Demo

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Read More »
Facebook Linkedin

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?

Log in
Facebook Linkedin