CVE-2008-4106

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 2.6.2

Description The issue arises from improper handling of MySQL warnings when inserting username strings that exceed the maximum column width of the user login column, and from incorrect handling of space characters during username comparisons. This allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a SQL column truncation issue.

Recommendations For WordPress versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue.