illmob.org

WordPress Remote Admin Password Reset Vulnerability

August 11th, 2009 by Dev Team in News, Uncategorized

A new post appeared on the WordPress discussion list today revealing more details about the process. Everyone is apparently able to reset a WordPress password if the email address of the WordPress user is known. All that needs to be done is to point the web browser at http://www.domain.com/wp-login.php?action=lostpassword to reset the password. The email address of the account holder has to be supplied in the form. WordPress usually will send a confirmation email first asking the email account owner if the password should be reset. The vulnerability manipulates the query to skip this step.

It is not possible to exploit this vulnerability further, which means attackers cannot get access to the user account. It can, however, theoretically be used to reset the password regularly to lock the user or admin out of the WordPress blog.

A temporary fix for the remote admin password reset vulnerability was posted. WordPress administrators need to change one line of code in the wp-login.php file of the WordPress installation to protect their blog from the attack. There is no official release fixing this problem; apply this changeset to your wp-login.php.

Change line 190 in wp-login.php from

    if ( empty( $key ) )

to

    if ( empty( $key ) || is_array( $key ) )

It is advised to apply the temporary fix as soon as possible to WordPress installations.
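
Why the extra `is_array()` test matters, as an added example (not WordPress source; the function names and sample values are constructed for illustration, and the strict variant is an assumption that the key is a letters-and-digits string): PHP's `empty()` returns false for an array that holds any element, even an empty string, so the original guard lets a non-string key through.

```php
<?php
// Added illustration; not WordPress source. Function names are hypothetical.

// Guard as it stood before the fix: rejects only "empty" values.
function rejected_before_fix($key) {
    return empty($key);
}

// Guard after the one-line fix quoted above: also rejects any array.
function rejected_after_fix($key) {
    return empty($key) || is_array($key);
}

// Stricter variant (an assumption, not from the page): accept only a
// non-empty string made of letters and digits.
function rejected_strict($key) {
    return !is_string($key) || !preg_match('/^[A-Za-z0-9]+$/', $key);
}

// Constructed sample values standing in for the request's key parameter.
$samples = array(
    'missing (null)'   => null,
    'empty string'     => '',
    'ordinary string'  => 'Zk3x9QpL',
    'empty array'      => array(),
    'array holding ""' => array(''),
);

// Print one row per sample showing which guard rejects it.
printf("%-20s %-8s %-8s %-8s\n", 'key value', 'before', 'after', 'strict');
foreach ($samples as $label => $key) {
    printf("%-20s %-8s %-8s %-8s\n", $label,
        rejected_before_fix($key) ? 'reject' : 'PASS',
        rejected_after_fix($key)  ? 'reject' : 'PASS',
        rejected_strict($key)     ? 'reject' : 'PASS');
}
```

Only the last sample separates the two guards: the array holding an empty string is passed by the original check and rejected once `is_array()` is added.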

ChromePasswordDecryptor

July 23rd, 2009 by Dev Team in Uncategorized

The Google Chrome browser is the latest entry into the ongoing browser war, which is mainly ruled by IE and Firefox. The Google name behind Chrome has given it more hype and popularity than any other browser got in such a short time. However, some of its features, such as searching from the address bar, thumbnails of top sites, private browsing etc., make it stand apart from other browsers in the market.

Like other browsers, Chrome also has built-in login password manager functionality which keeps track of the login secrets of all visited websites. Whenever a user logs in to any website, he/she will be prompted to save the credentials for later use, and if the user chooses to, the username and password will be stored in the internal login database. The next time the user visits that website, he/she will be automatically logged in using these stored credentials, which saves the hassle of entering the credentials every time.

ChromePasswordDecryptor is a standalone application which does not require any installation and can be directly executed after copying to the local system.

* Launch ChromePasswordDecryptor on the system.
* By default it will automatically display the default Chrome profile path for the current user. However, you can change the path using the ‘browse’ button beside it.
* Then you can click on the ‘Show’ button to decrypt and display all the stored login secrets from Chrome.
* Next you can click on the ‘Export’ button to save all the secrets to a standard HTML file.
Download chromepassworddecryptor

SAM and Syskey

July 12th, 2009 by Dev Team in Uncategorized

Many people wonder how their password is obtained from the SAM in Windows. Push The Red Button has an excellent in-depth article on how your password is encrypted and decrypted into a LanMan hash and an NT hash and stored in the SAM.

HalfMask – an Experiment in Password Masking

July 9th, 2009 by Dev Team in Uncategorized

HalfMask is an experimental approach to masking on password fields. Currently the standard shows bullets or asterisks to hide a user’s password completely as they type. HalfMask avoids this by obscuring the password with semi-visible random characters in the background. The intent is to only allow the user who typed the password to easily read it. Read more about this and test out the demo at: lab.arc90.com

Recover Google Passwords via SMS

June 25th, 2009 by Dev Team in Uncategorized

Google just added an SMS option to its account recovery system, letting anyone who forgets their password, or finds their account suspiciously locked, set up a mobile phone number to have a recovery password sent to. U.S.-only for now, but Google says it’s working to expand the option. Want to add your phone number to an existing account? Sign into account management, then head to Change Password Recovery Options.

via Google Operating System

Recovering Passwords on a Cisco Router

May 6th, 2009 by admin in Password Info, Privilege Escalation, Uncategorized

Password recovery is a fairly frequently used procedure for administrators and engineers. Even though we usually stash our passwords in some Word, Excel or text file, it’s very easy to forget to update them when changes occur. The end result is you find yourself locked out of the device, wondering what on earth the password could be.
Accessing a Cisco router requires certain privileges. Depending on the router’s configuration, you might be required to first log into the router and then enter the popular ‘enable’ password to elevate your access to privileged mode, from where you can issue configuration commands.

This article will show you how you can gain full administrator access to a Cisco router, bypassing all security passwords. The password recovery process, however, can be rendered useless if the administrator has previously configured the router not to allow this process to take place. In this case, the router will warn the user and, if he proceeds, all configuration will be erased, so there will be nothing to recover! (more…)

Happy Easter

April 10th, 2009 by Dev Team in Uncategorized

Advertising and Sales

February 9th, 2009 by Dev Team in Uncategorized

As we head into our second year here, I want to thank everyone for making the site what it is today and the advertisers who help keep us afloat. If you or your company would like to advertise on the site, please send an email to [email protected]; we have very reasonable rates. You can also support us by donating to our PayPal or even buying some of the tools we program to help recover passwords. We are working on a few new programs in the coming weeks, a googletalk password recovery tool and an msn password recovery tool, so look for those soon.

Thanks,

whatsmypass Dev Team

MD5 Cracking Sites

February 3rd, 2009 by Dev Team in Uncategorized

Even though processors keep getting quicker and more powerful at cracking, it still takes time to crack a long/secure md5 password, so usually the best option for doing this quickly is to use pre-built rainbow tables to do the job for you. Those tables can be large in size, though, so the second best way is to use online md5 crackers, which can either compare your hash to something in their database or add it to their own networked crackers. Here is a list of some good online cracking sites; let me know if I’m missing one.

  • www.rednoize.com
  • www.md5oogle.com
  • www.hashmash.com
  • www.gdataonline.com
  • www.md5decryption.com
  • www.md5decrypter.com
  • www.md5decrypter.co.uk
  • www.macrosoftware.ro
  • www.md5-db.com
  • http://www.milw0rm.com/cracker/insert.php
  • http://www.plain-text.info

wonderhowto.com

January 13th, 2009 by Dev Team in Uncategorized

We would like to thank http://wonderhowto.com for its ad support to help with our webhosting costs. We’ve been getting 5500-8000 page impressions a day. Wonder How To is one of the web’s largest how-to & do-it-yourself video sites, and has a video on how to do just about anything. Click their ads on the left side of the blog and go learn something 🙂
