<?php
/**
* Classname: WPScan\Checks\weakPasswords
*/
namespace WPScan\Checks;
// Bail out when this file is requested directly over HTTP: ABSPATH is only
// defined once WordPress itself has bootstrapped, and nothing below is safe
// to run outside that context.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
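/**
 * WeakPasswords.
 *
 * Checks if privileged users are using weak passwords by trying every entry
 * of a bundled wordlist against each privileged user's stored password hash
 * (an offline dictionary attack against the local database, not network
 * login attempts).
 *
 * @since 1.14.0
 */
class weakPasswords extends Check {
	/**
	 * Title.
	 *
	 * @since 1.14.0
	 * @access public
	 * @return string Translated, human-readable name of the check.
	 */
	public function title() {
		return __( 'Weak Passwords', 'wpscan' );
	}

	/**
	 * Description.
	 *
	 * @since 1.14.0
	 * @access public
	 * @return string Translated one-line summary of what the check does.
	 */
	public function description() {
		return __( 'Checks if privileged users are using any passwords from our weak password list.', 'wpscan' );
	}

	/**
	 * Success message.
	 *
	 * Shown when perform() recorded no finding. Note that perform() also
	 * records nothing when the bundled wordlist cannot be read, so this
	 * message means "no match from our list", not "all passwords are strong".
	 *
	 * @since 1.14.0
	 * @access public
	 * @return string Translated text for a clean result.
	 */
	public function success_message() {
		return __( 'We were not able to brute force the password of any privileged user', 'wpscan' );
	}

	/**
	 * Perform the check and save the results.
	 *
	 * Loads the wordlist from assets/passwords.txt, fetches every user in a
	 * privileged role, and runs wp_check_password() for each (user, candidate)
	 * pair until the first hit per user. Affected usernames are reported as a
	 * single 'high' finding via add_vulnerability(); the matching candidate is
	 * deliberately never recorded anywhere.
	 *
	 * Cost: roughly (users x wordlist size) full password-hash verifications,
	 * which is expensive by design of the hash. On sites with many privileged
	 * users this can run for a long time, so it should be invoked from a
	 * background/CLI context - presumably how Check is scheduled; verify.
	 *
	 * @since 1.14.0
	 * @access public
	 * @return void
	 */
	public function perform() {
		// The return value was never used here; the call is kept only in case
		// the base class relies on it for initialisation - TODO confirm against Check.
		$this->get_vulnerabilities();

		// Password list from: https://github.com/danielmiessler/SecLists/blob/master/Passwords/probable-v2-top207.txt.
		$wordlist = $this->dir . '/assets/passwords.txt';

		// A missing or unreadable wordlist previously made file() return false
		// (with a warning), the loop below then tested nothing, and the check
		// reported success - a silent false negative. Bail out explicitly instead.
		// TODO: surface this as an error once Check offers a way to report one.
		if ( ! is_readable( $wordlist ) ) {
			return;
		}

		$passwords = file( $wordlist, FILE_IGNORE_NEW_LINES );
		if ( false === $passwords || empty( $passwords ) ) {
			return;
		}

		// NOTE(review): 'super_admin' is not a role in a single-site WordPress
		// install (super admins are a multisite concept kept outside the role
		// system), so that entry presumably matches nobody - confirm.
		// Subscribers are intentionally not tested.
		$roles = array( 'super_admin', 'administrator', 'editor', 'author', 'contributor' );

		// get_users() with no 'number' argument loads every matching user into
		// memory at once; acceptable for the small privileged set targeted here.
		$users = get_users( array( 'role__in' => $roles ) );

		$found = array();

		foreach ( $users as $user ) {
			foreach ( $passwords as $candidate ) {
				// Passing the user ID presumably lets wp_check_password() upgrade a
				// legacy hash on a successful match (a database write) - confirm
				// that side effect is acceptable for a read-only scan.
				if ( wp_check_password( $candidate, $user->data->user_pass, $user->ID ) ) {
					// One hit is enough; stop so we do not keep hammering the hash.
					$found[] = $user->user_login;
					break;
				}
			}
		}

		if ( empty( $found ) ) {
			return;
		}

		// The finding names the affected accounts, so the report itself is
		// sensitive and must only be visible to administrators - TODO confirm
		// where add_vulnerability() output is rendered. Usernames are escaped
		// because that output is presumably displayed as HTML.
		if ( 1 === count( $found ) ) {
			$text = sprintf(
				__( 'The %s user was found to have a weak password. The user\'s password should be updated immediately.', 'wpscan' ),
				esc_html( $found[0] )
			);
		} else {
			$text = sprintf(
				__( 'The %s users were found to have weak passwords. The users\' passwords should be updated immediately.', 'wpscan' ),
				esc_html( implode( ', ', $found ) )
			);
		}

		$this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan/2019/09/17/wpscan-brute-force.html' );
	}
}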