Description

The WordPress security keys are a set of random variables that improve encryption of information stored in the user's cookies. These security keys are configured in the WordPress configuration file wp-config.php.

There are a total of four security keys:

  • AUTH_KEY
  • SECURE_AUTH_KEY
  • LOGGED_IN_KEY
  • NONCE_KEY

One of these WordPress security keys is using a weak/predictable value that the scanner found in a dictionary. It's recommended to change the value of this WordPress security key.

Remediation

Visit the WordPress.org Salt Generator website to generate random values for WordPress Security Keys (https://api.wordpress.org/secret-key/1.1/salt/).

References

WordPress.org Salt Generator - WordPress API

Related Vulnerabilities

Unrestricted access to Kong Gateway API

Web Cache Poisoning DoS

ASP.NET WCF service include exception details

SAP NetWeaver server info information disclosure

ASP.NET forms authentication using inadequate protection

Severity

High

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Weak Credentials