Here comes another security threat that has been identified to affect LiteSpeed Cache plugin that is used by over 6 million WordPress websites across the globe. This newly discovered bug is a critical unauthenticated account takeover vulnerability and is identified as CVE-2024-44000 which is dangerous for millions of websites as they can be fully compromised. This exploit was reported by Rafie Muhammad from Patchstack on 22nd August 2024, such that LiteSpeed Cache released an emergency patch in version 6.5.0.1 on 4th this month.
What Attacker Can Do to Your Website
The vulnerability is due to a severe weakness in LiteSpeed Cache’s debug logging function. When on, this feature records all HTTP response headers into a file using the ‘Set-Cookie’ header, which contains session cookies that authenticate users. But an attacker can get to this log file, which is usually located in the `/wp-content/debug.log` and if it does not have access restrictions (through .htaccess in apache server) by simply entering the URL. If the attackers seek for the `var/log` directory—they can easily get these cookies and become an admin user, controlling your site.
Imagine the consequences: with such an attacker, the content may be altered, malware introduced or even your whole website wiped out. In other words, all they require is a text file that hold the keys to your kingdom, and they can get it easily.
Why This Vulnerability is Extremely Dangerous
This is a significant vulnerability since the attackers can exploit the sites without any form of authentication. The only prerequisite is to find and read the debug log file. For example, if you have certain limitations put on your website’s file access like due to improper setting of the `htaccess` rules, the attackers can easily navigate to this file by typing the corresponding URL.
And it gets worse. The attacker can take advantage of this weakness to obtain session cookies from previous login activities, in case the logs are not cleared. Hence, even if the debug feature was enabled just for some time in the past, your website is still vulnerable.
It is High Time to Take Some Measures to Protect Your Website
The vendor of the plugin, LiteSpeed Technologies, has tried to fix this issue by changing the location of the debug log to `/wp-content/litespeed/debug/` and renaming the files randomly, and also removing the option to log cookies, and placed a dummy index file into the directory. But such steps may not be adequate to effectively secure your site.
To ensure your website's security, you need to take these immediate actions:
- Purge All 'debug. log' Files: Delete any existing ‘debug. log’ files from the server so that session cookies that may have been stored may not be used by attackers.
- Implement . htaccess Rules: To prevent users from accessing log files, it is necessary to deny direct access to the files with the help of properly configured `. htaccess` rules. However, as it was mentioned before, the log file names were randomized, but still attackers might guess them through several attempts or brute force.
- Update Your Plugin: First of all, update LiteSpeed Cache to version 6. 5. 0. 1 or higher to fix this critical vulnerability.
It is very important to understand that the Threat is Real and it is Getting Bigger
Nevertheless, even after the recent fix, the threat level remains very high. According to WordPress.org, new version of LiteSpeed Cache was downloaded by 375,000 users on the day of its release while more than 5. 6 million websites still at risk. Hackers have already targeted sites that left themselves open; in the last day, Wordfence has seen and stopped 349,941 attempts to take advantage of this flaw.
LiteSpeed Cache plugin has remained a favorite of hackers owing to its popularity among WordPress users. In May 2024, another cross-site scripting vulnerability in the same plugin was reported and unauthenticated but it had the same impact of creating administrator users and control over sites. Later on, on August 21, 2024, a critical unauthenticated privilege escalation vulnerability – CVE-2024-28000 – was found, and the attackers started using it within several hours after the discovery.
The frequency and the extent of these attacks are only rising, and there is no site that is too insignificant to be targeted. The hackers are always on the lookout for vulnerable sites and one thing that they do not lack is time.
Secure Your online Enterprise Now with Professional Website Maintenance Services
It is therefore important to point out that now is the time to act with the seriousness that this situation deserves. Do not let the hackers or your competition sneak in and attack your business—protect your website now with professional website maintenance services. Our team of experts will:
- Identify the security vulnerabilities that currently exist on your website.
- Ensure that all the plugins and themes are updated to the most recent and secure version available.
- Ensure that there are strict controls of access and protection of the files.
- Always keep an eye on and secure your website against any and all threats.
Thus, when you hire professional website maintenance services, your website is safe from the current threats. Call us now to protect your online image and to ensure your company is safe from hackers. Don’t let it happen to you and your website — take action now!
Written by: Jitendra Raulo
Jitendra Raulo is the Founding Director at Aarav Infotech India Pvt. Ltd., a leading Web Design and Digital Marketing Company with 11+ years of experience and having headquarter in Mumbai, India, and Support Centre at Bhubaneswar, India, he is actively working with Start-ups, SMEs and Corporations utilizing technology to provide business transformation solution.
