When using the "database backup/logging on filesystem" feature, iThemes security generates a weak filename allowing attackers to obtain the backup/log file if they know when the backup/log file was generated (timestamp).
A vulnerability has been found in iThemes Security backup function that may allow attackers to gain access to backup/log files.
By default, when using the "database backup on filesystem" feature, iThemes Security saves the backup files in a world-readable directory :
The .htaccess file is generated during the plugin initial setup/update, only if the wp-content/uploads/ithemes-security/backups exists (or wp-content/uploads/ithemes-security/logs). Note that it does NOT exists by default.
When running a backup, the ITSEC_Backup class creates the directory but without any .htaccess file inside. The same thing happens with log saving.
If the webserver has directory listing enabled, then anybody can download the complete database backup or view the log files.
Every year, at the same period, we run one crazy night: the #ndhquals This night is about being one of the 10 teams who qualify for the Nuit du Hack Private. During this CTF, contestants are challenged by our team, but also each other. Monitoring, chatting on IRC, eating pizza and having fun shooting each other with Nerfs are not the only events that night. Our team prepares for months to provide you with the cleanest CTF possible, with tricky/funny/both hard and easy challenges. This year, Sysdream tried something new! A brand new organization for the “Project NDH”. New teams, new team leaders, new infrastructure, new test process, we are building a more professional CTF.