CVE-2017-14990

WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Software

Name	Vendor	Start Version	End Version
Wordpress	Wordpress	4.8.2 (including)	4.8.2 (including)
Wordpress	Ubuntu	esm-apps/xenial	*
Wordpress	Ubuntu	trusty	*
Wordpress	Ubuntu	upstream	*
Wordpress	Ubuntu	xenial	*
Wordpress	Ubuntu	zesty	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/37.html

References

http://www.securitytracker.com/id/1039554
https://core.trac.wordpress.org/ticket/38474
https://www.debian.org/security/2017/dsa-3997
http://www.securitytracker.com/id/1039554
https://core.trac.wordpress.org/ticket/38474
https://www.debian.org/security/2017/dsa-3997

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-14990
CWE	https://cwe.mitre.org/data/definitions/312.html

Cleartext Storage of Sensitive Information

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References