#WordPress installer #attack race
source: https://smitka.me/2022/07/01/wordpress-installer-attack-race/
The attacker uses the #Certificate Transparency Log to find new WordPress #installations. It works because you usually generate the #SSL certificate when you set up a hosting space. When the certificate is issued, the record appears in the public log.
...
It takes only 4 minutes from the certificate issue to abuse the installer (but in some cases, the attacker managed to do it in under 1 minute).
#internet #blog #security #backdoor #problem #www #web #software #install #news
There are no comments yet.