[wp-hackers] Wordpress Cookie Authentication Vulnerability

Bas Bosman wordpress at nazgul.nu
Tue Nov 20 17:42:18 GMT 2007


> Is there any reason in particular WP is using MD5 as opposed to a
> stronger algorithm?

Yes, because WordPress still supports PHP 4.2, which doesn't really have
any good support for a stronger algorithm.

But as mentioned in the Trac ticket, MD5 isn't the issue here. The issue
is that we have a guessable cookie, based on read-only database access or
non-SSL network sniffing.

I think Otto gave a nice overview of a possible solution, which can
optionally be enhanced by linking login cookies to IP addresses to further
minimize the chances of cookie stealing. (Mark the optional, because it
can have unwanted side-effects in some network setups.)

Regards,
Bas Bosman (Nazgul)
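
An added illustration, not part of the original message and neither WordPress code nor Otto's proposal: a login cookie authenticated with an HMAC keyed by a server-side secret kept outside the database, so read-only database access alone is not enough to compute it, plus the optional IP binding mentioned above. The secret, cookie layout and function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import time

# Constructed secret for illustration; assumed to live outside the database.
SERVER_SECRET = b"constructed-secret-kept-outside-the-database"


def _mac(username, expires, client_ip):
    # The MAC covers every field the server will later trust.
    msg = "|".join([username, str(expires), client_ip or ""]).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_cookie(username, ttl=3600, client_ip=None, now=None):
    """Return 'username|expires|mac'; pass client_ip to bind to that address."""
    if "|" in username:
        raise ValueError("username must not contain the field separator")
    now = int(time.time()) if now is None else now
    expires = now + ttl
    return "|".join([username, str(expires), _mac(username, expires, client_ip)])


def verify_cookie(cookie, client_ip=None, now=None):
    """Return the username if the cookie is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    parts = cookie.split("|")
    if len(parts) != 3 or not parts[1].isdecimal():
        return None
    username, expires, mac = parts[0], int(parts[1]), parts[2]
    expected = _mac(username, expires, client_ip)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if expires < now:
        return None
    return username


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    bound = issue_cookie("alice", ttl=60, client_ip="192.0.2.10", now=1000)
    print(verify_cookie(bound, client_ip="192.0.2.10", now=1030))    # same address
    print(verify_cookie(bound, client_ip="198.51.100.7", now=1030))  # address changed
```

The MAC does not stop a cookie sniffed on a non-SSL connection from being replayed; IP binding narrows that window, and it also logs out legitimate users whose address changes mid-session, which is the side effect noted above.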


