A newly discovered high-severity vulnerability in the LiteSpeed Cache plugin, used to speed up browsing on over 6 million WordPress sites, has raised significant security concerns.
Identified as CVE-2024-44000, this unauthenticated account takeover flaw was reported by Rafie Muhammad from Patchstack on August 22, 2024. LiteSpeed Technologies released a patch for the issue with the plugin’s latest version, 6.5.0.1, made available yesterday.
The vulnerability is linked to LiteSpeed Cache’s debug logging feature, which records HTTP response headers, including the sensitive “Set-Cookie” header, into a file when the debug mode is enabled. These session cookies are essential for user authentication, and if stolen, they can allow attackers to impersonate admin users and take full control of the site.
To exploit the flaw, attackers need access to the debug log file stored at ‘/wp-content/debug.log’. If the site lacks access restrictions, such as .htaccess rules, this file can be fetched directly via its URL. The vulnerability puts at risk any user who logged into the site while debug logging was enabled, because attackers could retrieve past session cookies from the log if it has not been periodically cleared.
LiteSpeed Technologies has addressed the issue by implementing several security measures, including moving the debug log to a dedicated folder, randomizing log filenames, and removing cookie logging. They also added a dummy index file for additional protection.
All LiteSpeed Cache users are urged to purge old ‘debug.log’ files from their servers to eliminate any remaining session cookies that could be exploited. Additionally, implementing an .htaccess rule to block direct access to log files is highly recommended, as attackers could still attempt to guess filenames through brute-force methods.
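To make the "purge old debug.log files" advice concrete, the following added example (not code from LiteSpeed or Patchstack) audits a debug log for captured Set-Cookie headers, flags the WordPress authentication cookies among them, and produces a redacted copy. The log layout in SAMPLE_LOG is constructed for this example and is not the plugin's real format; only the Set-Cookie header text matters. The cookie-name pattern follows WordPress conventions (wordpress_, wordpress_sec_ and wordpress_logged_in_ followed by a 32-character hex hash), which is the one assumption the classifier relies on.

```python
import re
import sys

# Constructed sample of a debug log that captured response headers.
# The surrounding line layout is invented for this example; the Set-Cookie
# lines are what the audit looks for.
SAMPLE_LOG = """\
[req 1] GET /wp-login.php -> 302 response headers:
Set-Cookie: wordpress_logged_in_0123456789abcdef0123456789abcdef=admin%7C1725444000%7Cdeadbeef; path=/; HttpOnly
Set-Cookie: wordpress_sec_0123456789abcdef0123456789abcdef=admin%7C1725444000%7Ccafebabe; path=/wp-admin; secure; HttpOnly
[req 2] GET / -> 200 response headers:
Set-Cookie: wp-settings-time-1=1725440000; path=/
Content-Type: text/html; charset=UTF-8
"""

# A Set-Cookie header line: capture the cookie name and its value (up to ';').
SET_COOKIE_RE = re.compile(
    r"^Set-Cookie:\s*([^=;\s]+)=([^;\r\n]*)", re.IGNORECASE | re.MULTILINE
)

# WordPress auth/session cookies: wordpress_<hash>, wordpress_sec_<hash>,
# wordpress_logged_in_<hash>, where <hash> is a 32-char hex digest.
# (Assumption based on WordPress cookie naming; wordpress_test_cookie is excluded.)
AUTH_COOKIE_RE = re.compile(r"^wordpress_(?:sec_|logged_in_)?[0-9a-f]{32}$")


def is_auth_cookie(name):
    """True if the cookie name is a WordPress authentication/session cookie."""
    return AUTH_COOKIE_RE.match(name) is not None


def find_leaked_cookies(log_text):
    """Return (cookie_name, is_auth) for every Set-Cookie header in the log.

    Values are deliberately not returned: the audit only needs to know
    whether credentials were written to disk, not what they were.
    """
    return [(m.group(1), is_auth_cookie(m.group(1)))
            for m in SET_COOKIE_RE.finditer(log_text)]


def audit_log(log_text):
    """Summarise exposure: how many Set-Cookie lines, which are auth cookies."""
    found = find_leaked_cookies(log_text)
    auth_names = [name for name, is_auth in found if is_auth]
    return {
        "set_cookie_lines": len(found),
        "auth_cookies": auth_names,
        # Any captured auth cookie means the file must be purged and the
        # affected sessions treated as compromised.
        "needs_purge": bool(auth_names),
    }


def redact_cookies(log_text):
    """Replace every cookie value with a placeholder, keeping names/attributes."""
    return SET_COOKIE_RE.sub(
        lambda m: f"Set-Cookie: {m.group(1)}=[REDACTED]", log_text
    )


if __name__ == "__main__":
    # Usage: python audit_debug_log.py /path/to/wp-content/debug.log
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    report = audit_log(text)
    print(f"Set-Cookie lines: {report['set_cookie_lines']}")
    print(f"Auth cookies captured: {len(report['auth_cookies'])}")
    print("Action: purge log and invalidate sessions"
          if report["needs_purge"] else "No auth cookies found")
```

Run it against a real debug.log to decide whether the file needs to be deleted and affected users logged out; the redacted copy is what you keep if a sanitized log is still needed for troubleshooting. Note that the audit only covers what is in the file now; if the log was ever world-readable, treat sessions from that period as exposed regardless of what the file contains today.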
Despite the fix, over 5.6 million sites may still be vulnerable, with only 375,000 users downloading the updated plugin version on the day of its release. Site administrators should update to LiteSpeed Cache version 6.5.0.1 immediately to protect their sites from potential attacks.
Bijay Pokharel