{"id":356385,"date":"2022-09-09T09:45:32","date_gmt":"2022-09-09T11:45:32","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-pirates-exploitent-zero-day-dans-le-plugin-wordpress-backupbuddy-dans-environ-5-millions-de-tentatives\/"},"modified":"2022-09-09T09:45:33","modified_gmt":"2022-09-09T11:45:33","slug":"les-pirates-exploitent-zero-day-dans-le-plugin-wordpress-backupbuddy-dans-environ-5-millions-de-tentatives","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-pirates-exploitent-zero-day-dans-le-plugin-wordpress-backupbuddy-dans-environ-5-millions-de-tentatives\/","title":{"rendered":"Les pirates exploitent Zero-Day dans le plugin WordPress BackupBuddy dans environ 5 millions de tentatives"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Une faille zero-day dans un plugin WordPress appel\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/ithemes.com\/backupbuddy\/\" target=\"_blank\">Copain de sauvegarde<\/a> est activement exploit\u00e9, a r\u00e9v\u00e9l\u00e9 la soci\u00e9t\u00e9 de s\u00e9curit\u00e9 WordPress Wordfence.<\/p>\n<p>&#8220;Cette vuln\u00e9rabilit\u00e9 permet \u00e0 des utilisateurs non authentifi\u00e9s de t\u00e9l\u00e9charger des fichiers arbitraires \u00e0 partir du site concern\u00e9 qui peuvent inclure des informations sensibles&#8221;, a-t-il ajout\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/www.wordfence.com\/blog\/2022\/09\/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin\/\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>BackupBuddy permet aux utilisateurs de sauvegarder l&#8217;int\u00e9gralit\u00e9 de leur installation WordPress \u00e0 partir du tableau de bord, y compris les fichiers de th\u00e8me, les pages, les publications, les widgets, les utilisateurs et les fichiers multim\u00e9dias, entre autres.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>On estime que le plugin compte environ 140 000 installations actives, la faille (CVE-2022-31474, score CVSS\u00a0: 7,5) affectant les versions 8.5.8.0 \u00e0 8.7.4.1.  Il a \u00e9t\u00e9 r\u00e9solu dans la version 8.7.5 publi\u00e9e le 2 septembre 2022.<\/p>\n<p>Le probl\u00e8me est enracin\u00e9 dans la fonction appel\u00e9e &#8220;Copie du r\u00e9pertoire local&#8221; qui est con\u00e7ue pour stocker une copie locale des sauvegardes.  Selon Wordfence, la vuln\u00e9rabilit\u00e9 est le r\u00e9sultat de l&#8217;impl\u00e9mentation non s\u00e9curis\u00e9e, qui permet \u00e0 un acteur malveillant non authentifi\u00e9 de t\u00e9l\u00e9charger n&#8217;importe quel fichier arbitraire sur le serveur.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"Plugin WordPress BackupBuddy\" border=\"0\" data-original-height=\"314\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/09\/1662723932_546_Les-pirates-exploitent-Zero-Day-dans-le-plugin-WordPress-BackupBuddy-dans.jpg\" title=\"Plugin WordPress BackupBuddy\" \/><\/div>\n<p>Des d\u00e9tails suppl\u00e9mentaires sur la faille ont \u00e9t\u00e9 retenus \u00e0 la lumi\u00e8re des abus actifs dans la nature et de sa facilit\u00e9 d&#8217;exploitation.<\/p>\n<p>&#8220;Cette vuln\u00e9rabilit\u00e9 pourrait permettre \u00e0 un attaquant d&#8217;afficher le contenu de n&#8217;importe quel fichier sur votre serveur qui peut \u00eatre lu par votre installation WordPress&#8221;, a d\u00e9clar\u00e9 le d\u00e9veloppeur du plugin, iThemes. <a rel=\"nofollow noopener\" href=\"https:\/\/ithemes.com\/blog\/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy\/\" target=\"_blank\">a dit<\/a>.  &#8220;Cela pourrait inclure le fichier WordPress wp-config.php et, selon la configuration de votre serveur, des fichiers sensibles comme \/etc\/passwd.&#8221;<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/09\/Les-hackers-de-Worok-ciblent-des-entreprises-et-des-gouvernements.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Wordfence a not\u00e9 que le ciblage de CVE-2022-31474 a commenc\u00e9 le 26 ao\u00fbt 2022 et qu&#8217;il a bloqu\u00e9 pr\u00e8s de cinq millions d&#8217;attaques dans l&#8217;intervalle.  La plupart des intrusions ont tent\u00e9 de lire les fichiers ci-dessous &#8211;<\/p>\n<ul>\n<li>\/etc\/passwd<\/li>\n<li>\/wp-config.php<\/li>\n<li>.mon.cnf<\/li>\n<li>.accesshash<\/li>\n<\/ul>\n<p>Les utilisateurs du plugin BackupBuddy sont invit\u00e9s \u00e0 mettre \u00e0 niveau vers la derni\u00e8re version.  Si les utilisateurs d\u00e9terminent qu&#8217;ils ont peut-\u00eatre \u00e9t\u00e9 compromis, il est recommand\u00e9 de r\u00e9initialiser le mot de passe de la base de donn\u00e9es, de modifier les sels WordPress et de faire pivoter les cl\u00e9s API stock\u00e9es dans wp-config.php.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/09\/hackers-exploit-zero-day-in-wordpress.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Une faille zero-day dans un plugin WordPress appel\u00e9 Copain de sauvegarde est activement exploit\u00e9, a r\u00e9v\u00e9l\u00e9 la soci\u00e9t\u00e9 de s\u00e9curit\u00e9 WordPress Wordfence. &#8220;Cette vuln\u00e9rabilit\u00e9 permet \u00e0 des utilisateurs non authentifi\u00e9s de t\u00e9l\u00e9charger des fichiers arbitraires \u00e0 partir du site concern\u00e9 qui peuvent inclure des informations sensibles&#8221;, a-t-il ajout\u00e9. a dit. BackupBuddy permet aux utilisateurs de [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":356386,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[107451,4168,4158,4165,4161,429,12580,8736,4157,4159,4171,4170,65,4167,1610,4160,4163,4162,4394,51599,4172,4169,2020,4166,4164,51600,35759],"class_list":["post-356385","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-backupbuddy","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dans","tag-environ","tag-exploitent","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-millions","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pirates","tag-plugin","tag-securite-informatique","tag-securite-internet","tag-tentatives","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-wordpress","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/356385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=356385"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/356385\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/356386"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=356385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=356385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=356385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}