laipower/wp-content/plugins/wpscan/security-checks/weak-passwords/check.php

97 lines
2.4 KiB
PHP

<?php
/**
* Classname: WPScan\Checks\weakPasswords
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* WeakPasswords.
*
* Checks if privileged users are using weak passwords.
*
* @since 1.14.0
*/
class weakPasswords extends Check {
/**
* Title.
*
* @since 1.14.0
* @access public
* @return string
*/
public function title() {
return __( 'Weak Passwords', 'wpscan' );
}
/**
* Description.
*
* @since 1.14.0
* @access public
* @return string
*/
public function description() {
return __( 'Checks if privileged users are using any passwords from our weak password list.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.14.0
* @access public
* @return string
*/
public function success_message() {
return __( 'We were not able to brute force the password of any privileged user', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.14.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
// Password list from: https://github.com/danielmiessler/SecLists/blob/master/Passwords/probable-v2-top207.txt.
$users = get_users( array( 'role__in' => array( 'super_admin', 'administrator', 'editor', 'author', 'contributor' ) ) );
$passwords = file( $this->dir . '/assets/passwords.txt', FILE_IGNORE_NEW_LINES );
$found = array();
foreach ( $users as $user ) {
$username = $user->user_login;
foreach ( $passwords as $password ) {
if ( wp_check_password( $password, $user->data->user_pass, $user->ID ) ) {
array_push( $found, $username );
break;
}
}
}
if ( ! empty( $found ) ) {
if ( 1 === count( $found ) ) {
$text = sprintf(
__( 'The %s user was found to have a weak password. The user\'s password should be updated immediately.', 'wpscan' ),
esc_html( $found[0] )
);
} else {
$found = implode( ', ', $found );
$text = sprintf(
__( 'The %s users were found to have weak passwords. The users\' passwords should be updated immediately.', 'wpscan' ),
esc_html( $found )
);
}
$this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan/2019/09/17/wpscan-brute-force.html' );
}
}
}