Recent findings have highlighted a significant vulnerability in the LiteSpeed Cache plugin that affects a wide range of websites, regardless of whether the plugin's crawler feature is enabled. Researchers noted that even on sites where the crawler, which is disabled by default, has never been used to generate a hash, an unsecured Ajax handler can still be triggered to start that generation. This means every site running LiteSpeed Cache is potentially exposed, not only those that use the crawler.
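To illustrate what "unsecured Ajax handler" means in WordPress terms, here is an added example that is not LiteSpeed Cache's code and does not reproduce its handler. It shows a hypothetical plugin endpoint (the `example_task*` names and the `example_run_privileged_task()` body are made up for the illustration) that starts a privileged task: first registered so that any visitor can call it, then hardened with the nonce and capability checks WordPress already provides.

```php
<?php
// Added illustration (not LiteSpeed Cache's code): a hypothetical plugin Ajax
// endpoint that starts a privileged background task, shown first without any
// access control and then hardened. All names here are invented for the example.

// --- Weak form: reachable by anyone, no nonce and no capability check. ---
// The wp_ajax_nopriv_ hook makes the handler run for logged-out requests too,
// so the privileged task can be started by an unauthenticated POST to admin-ajax.php.
add_action( 'wp_ajax_nopriv_example_task_weak', 'example_task_unsecured' );
add_action( 'wp_ajax_example_task_weak',        'example_task_unsecured' );

function example_task_unsecured() {
    example_run_privileged_task();          // hypothetical privileged work
    wp_send_json_success( 'task started' );
}

// --- Hardened form: authenticated administrators only, with a request nonce. ---
// No wp_ajax_nopriv_ registration, so WordPress refuses unauthenticated calls.
add_action( 'wp_ajax_example_task', 'example_task_secured' );

function example_task_secured() {
    // Rejects requests whose nonce does not match (check_ajax_referer dies on failure).
    check_ajax_referer( 'example_task', 'nonce' );

    // Only users allowed to manage the site may trigger the task.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    example_run_privileged_task();
    wp_send_json_success( 'task started' );
}

// The nonce the plugin's admin page embeds for its JavaScript to send back
// as the `nonce` POST field together with `action=example_task`.
function example_task_nonce_for_admin_page() {
    return wp_create_nonce( 'example_task' );
}

function example_run_privileged_task() {
    // Placeholder for the task body; intentionally empty in this illustration.
}
```

The security-relevant difference is in the registration and the two checks: dropping the `wp_ajax_nopriv_` hook removes the unauthenticated path entirely, `check_ajax_referer()` ties the request to a page the user actually loaded, and `current_user_can()` limits the action to the role that should be allowed to start it. Authentication alone is not enough for an action with side effects, which is why the capability check is kept even though the `nopriv` hook is gone.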
Windows systems not affected
According to the report, Windows operating systems remain unaffected by this vulnerability. The reason for this immunity lies in the absence of a specific function necessary for hash generation within the Windows environment. Consequently, this makes the vulnerability particularly exploitable on other platforms, especially those running on Linux.
In light of the findings, LiteSpeed has issued a strong recommendation for users to update to version 6.4 or later of the plugin without delay. Additionally, administrators are urged to review their user accounts to remove any unfamiliar entries that possess administrative rights. For those unable to execute an immediate upgrade, LiteSpeed has provided a set of temporary measures aimed at mitigating potential risks, which can be found in their blog entry addressing this vulnerability.
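The account review LiteSpeed recommends can be scripted so it is repeatable. The following is an added example, not part of the LiteSpeed advisory, that lists every administrator account and flags any login that is not on a site owner's known-good list (the `$expected_admins` entries are constructed sample values). It uses only core WordPress functions and can be run from the command line with WP-CLI's `wp eval-file`.

```php
<?php
// Added illustration, not from the LiteSpeed advisory: report administrator
// accounts that are not on a known-good list, to support the account review step.
// Run inside WordPress, for example: wp eval-file audit-admins.php

// Constructed allowlist: the administrator logins the site owner expects to exist.
$expected_admins = array( 'siteowner', 'webmaster' );

// Newest registrations first, since an unexpected admin is usually recent.
$admins = get_users( array(
    'role'    => 'administrator',
    'orderby' => 'registered',
    'order'   => 'DESC',
) );

foreach ( $admins as $user ) {
    $unexpected = ! in_array( $user->user_login, $expected_admins, true );
    printf(
        "%s\t%d\t%s\t%s\t%s\n",
        $unexpected ? 'UNEXPECTED' : 'ok',
        $user->ID,
        $user->user_login,
        $user->user_email,
        $user->user_registered
    );
}
```

Any line marked `UNEXPECTED` is a candidate for removal after confirmation with whoever manages the site; the registration timestamp helps correlate the account with the window in which the site ran a vulnerable plugin version.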
Source
www.csoonline.com