On 26 January 2023 the Wordfence team discovered a Cross-Site Scripting vulnerability in the Limit Login Attempts plugin for WordPress, which is installed on more than 600,000 websites and blocks IP addresses that repeatedly fail to log in.

The vulnerability affects plugin versions up to and including 1.7.1. A fix was released on 4 April 2023 as version 1.7.2. All site owners are advised to update to version 1.7.2 as soon as possible.

The Limit Login Attempts plugin offers a number of configuration options, including the maximum number of login attempts, the lockout duration, the lockout expiry time, and logging and notification settings. The vulnerability, tracked as CVE-2023-1912, only applies to a specific configuration: the "Site connection" option must be set to "From behind a reverse proxy" and logging of IP addresses during lockouts must be enabled.

When the reverse proxy option is enabled, the Limit Login Attempts plugin uses the X-Forwarded-For header to determine the visitor's IP address. This header can be freely set by the client, but the plugin offers it as an alternative for sites that run behind a load balancer or a caching proxy. The setting is not enabled by default.

When the plugin's logging feature is enabled, login lockouts are recorded and displayed on the configuration page.

As can be seen, this function builds a table of information but does not escape the values it uses. Although sanitizing received input is recommended, escaping output, even when the input has already been sanitized, is a far more effective way to prevent Cross-Site Scripting. Unfortunately, this plugin neither sanitized nor escaped the stored IP address value, which could be supplied via the X-Forwarded-For header.

To exploit this vulnerability, an attacker could send a login request with the following X-Forwarded-For header:
X-Forwarded-For: <span onmouseover=alert(1)>23.23.23.23</span>

This header can be set in various ways, for example with a browser extension or by adding it manually while intercepting the login request. Once the plugin's lockout threshold is reached, this crafted IP address is recorded as a blocked IP, and the malicious JavaScript runs when an administrator visits the configuration page that lists the blocked IP addresses. The code executes in the administrator's authenticated session and can be used to facilitate a takeover of the site.
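The pattern behind the advisory, as an added example that is not the plugin's own code: the unsafe rendering of the logged address beside a hardened version that validates the header on input and escapes on output. Function names and the trusted proxy list are hypothetical; the file runs under plain PHP, and in a WordPress plugin esc_html() is the idiomatic equivalent of the htmlspecialchars() call used here.

```php
<?php
// Added example (not the plugin's own code): the unsafe rendering pattern
// described above beside a hardened version. Function names and the trusted
// proxy list are hypothetical. Runs under plain PHP; the WordPress helper
// esc_html() is the idiomatic equivalent of htmlspecialchars() used here.

// Constructed login request carrying the crafted header from the advisory.
$constructed_request = [
    'REMOTE_ADDR'     => '198.51.100.10',
    'X-Forwarded-For' => '<span onmouseover=alert(1)>23.23.23.23</span>',
];

// Vulnerable pattern: trust the header verbatim and print it into the admin
// lockout table unescaped, so attacker-controlled HTML reaches the admin.
function lockout_row_unsafe(array $req): string {
    $ip = $req['X-Forwarded-For'] ?? $req['REMOTE_ADDR'];
    return "<tr><td>$ip</td></tr>";
}

// Hardened, layer 1: honour X-Forwarded-For only when the connection comes
// from a proxy we operate, take the first hop, and keep it only if it is a
// syntactically valid IP address; otherwise fall back to REMOTE_ADDR.
const TRUSTED_PROXIES = ['198.51.100.10']; // hypothetical reverse proxy

function resolve_client_ip(array $req): string {
    $direct = $req['REMOTE_ADDR'];
    if (!in_array($direct, TRUSTED_PROXIES, true)) {
        return $direct;
    }
    $first = trim(explode(',', $req['X-Forwarded-For'] ?? '')[0]);
    return filter_var($first, FILTER_VALIDATE_IP) !== false ? $first : $direct;
}

// Hardened, layer 2: escape at output no matter what was stored earlier.
function lockout_row_safe(string $stored_ip): string {
    $escaped = htmlspecialchars($stored_ip, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<tr><td>$escaped</td></tr>";
}

echo lockout_row_unsafe($constructed_request), PHP_EOL;
echo lockout_row_safe(resolve_client_ip($constructed_request)), PHP_EOL;
// Output escaping alone also neutralises a value that was stored unvalidated.
echo lockout_row_safe($constructed_request['X-Forwarded-For']), PHP_EOL;
```

The second printed row falls back to the proxy address because the header value fails IP validation, and the third shows the span rendered as inert text even though the raw value was passed straight to the output layer.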
Cross-Site Scripting vulnerabilities are the result of missing sanitization and unescaped display of user input. Most often the exploitable input comes from the user through a form. In this particular case the processed information is still supplied by the user, but it arrives through a different and unusual channel, which makes it easy to overlook proper sanitization and escaping.

If you use the plugin on any of your sites, I recommend updating to the latest version of Limit Login Attempts as soon as possible.