[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability

WordPress Trac wp-trac at lists.automattic.com
Sat Dec 1 01:14:28 GMT 2007


#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
 Reporter:  sjmurdoch                |        Owner:  westi   
     Type:  defect                   |       Status:  assigned
 Priority:  normal                   |    Milestone:  2.4     
Component:  Security                 |      Version:  2.3.1   
 Severity:  normal                   |   Resolution:          
 Keywords:  security, password, md5  |  
-------------------------------------+--------------------------------------
Comment (by darkdragon):

 Replying to [comment:18 westi]:

 > Known issues:
 >  1. Only supports a single authentication token for a user so you cannot
 be logged in from two places at once.

 I would term this a feature, but since I'm always signed in at home and
 usually sign in from various other places, it could become a hassle. What
 if I'm in a location temporary and leave without the ability to go back?
 Will there be a time limit of when that token will expire so that I can
 eventually sign in at another location even if I hadn't signed out at that
 other place?

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:19>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list