Time for people to patch backup plugin for WordPress
2022-02-21 09:41

Rather it's more likely to be used very selectively, at least on those that haven't patched.

The advisory [PDF] recommends only one type of password, Cisco's Type 8, which uses Password-Based Key Derivation Function version 2 (PBKDF2) with SHA-256 and an 80-bit salt - one NSA wit described it as "What Type 4 was meant to be" in the document.

For second best there's Type 6, which uses a 128-bit AES algorithm and is particularly useful for VPN passwords, the NSA notes, although Type 8 is preferable.

"Type 8 should be enabled and used for all Cisco devices running software developed after 2013. Devices running software from before 2013 should be upgraded immediately," the agency warned.

"Type 6 passwords should only be used if specific keys need to be encrypted and not hashed, or when Type 8 is not available."

On the absolute "Do not use" list are Type 0, Type 4 - which uses a crippled form of PBKDF2 that's susceptible to brute forcing - and Type 7, a Vigenere cipher that can be easily broken.
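
The type recommendations above, turned into a configuration check as an added example (not code from the advisory or the article): it scans IOS-style configuration text for stored credentials and labels each one by the type number in front of it. The matching regex and the sample configuration are constructed assumptions, and type numbers the article does not discuss are reported as "not-covered" rather than classified.

```python
import re

# Verdicts taken from the article text only; any other type number is
# reported as "not-covered" rather than guessed at.
VERDICTS = {
    "8": "recommended",
    "6": "second-best",
    "0": "do-not-use",
    "4": "do-not-use",
    "7": "do-not-use",
}

# Heuristic (assumption): "password|secret|key [type-digit] value".
# A missing type digit means the value is stored as typed, i.e. Type 0.
CRED_RE = re.compile(r"\b(password|secret|key)\s+(?:(\d)\s+)?(\S+)")

def audit_config(text):
    """Return (line_no, keyword, type, verdict) for each stored credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):  # skip blanks and comments
            continue
        m = CRED_RE.search(stripped)
        if m:
            ptype = m.group(2) or "0"
            verdict = VERDICTS.get(ptype, "not-covered")
            findings.append((line_no, m.group(1), ptype, verdict))
    return findings

def must_fix(findings):
    """Credentials stored with a type on the article's 'Do not use' list."""
    return [f for f in findings if f[3] == "do-not-use"]

# Constructed sample configuration; all hashes and keys are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 8 $8$PLACEHOLDERSALT$PLACEHOLDERHASH
username admin privilege 15 secret 8 $8$PLACEHOLDERSALT$PLACEHOLDERHASH
username legacy secret 4 PLACEHOLDERTYPE4HASH
username ops password 7 PLACEHOLDERTYPE7
crypto isakmp key 6 PLACEHOLDERTYPE6 address 192.0.2.10
line vty 0 4
 password labpass
"""

if __name__ == "__main__":
    for line_no, kw, ptype, verdict in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {kw} type {ptype} -> {verdict}")
```

Note that `service password-encryption` on the first sample line is not itself flagged, but the Type 7 entry it produces is.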


News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/21/in_brief_security/

Related vendor (last 12 months)

Vendor | # Products | Low | Medium | High | Critical | Total vulns
Wordpress | 7 | 2 | 95 | 44 | 18 | 159
Plugin | 2 | 0 | 13 | 1 | 0 | 14