Vulnerability & Exploit Database

Back to search

WordPress Long Password DoS

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

auxiliary/dos/http/wordpress_long_password_dos

Authors

  • Javier Nieto Arevalo
  • Andres Rojas Guerrero
  • Rob Carr <rob [at] rastating.com>

References

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/dos/http/wordpress_long_password_dos msf auxiliary(wordpress_long_password_dos) > show actions ...actions... msf auxiliary(wordpress_long_password_dos) > set ACTION <action-name> msf auxiliary(wordpress_long_password_dos) > show options ...show and set options... msf auxiliary(wordpress_long_password_dos) > run