[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability

WordPress Trac wp-trac at lists.automattic.com
Sat Dec 1 01:19:42 GMT 2007


#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
 Reporter:  sjmurdoch                |        Owner:  westi   
     Type:  defect                   |       Status:  assigned
 Priority:  normal                   |    Milestone:  2.4     
Component:  Security                 |      Version:  2.3.1   
 Severity:  normal                   |   Resolution:          
 Keywords:  security, password, md5  |  
-------------------------------------+--------------------------------------
Comment (by westi):

 Replying to [comment:19 darkdragon]:
 > Replying to [comment:18 westi]:
 >
 > > Known issues:
 > >  1. Only supports a single authentication token for a user so you
 > >  cannot be logged in from two places at once.
 >
 > I would term this a feature, but since I'm always signed in at home and
 > usually sign in from various other places, it could become a hassle. What
 > if I'm in a location temporarily and leave without the ability to go back?
 > Will there be a time limit of when that token will expire so that I can
 > eventually sign in at another location even if I hadn't signed out at that
 > other place?

 If you sign in somewhere new then the old token is invalidated.

 There is currently no timeout on tokens but for multiple logins to be
 supported we will need a way of timing tokens out.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:20>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
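
The token behaviour discussed in this comment, sketched as an added example (not code from the ticket or from WordPress): the default store keeps one token per user with no timeout, and the `multi_login`/`ttl` variant shows the expiry that multiple logins would need. `TokenStore`, its parameters and the SHA-256 digest storage are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time


class TokenStore:
    """Server-side login tokens, stored only as SHA-256 digests."""

    def __init__(self, multi_login=False, ttl=None):
        self.multi_login = multi_login
        self.ttl = ttl              # None = tokens never time out
        self._tokens = {}           # user -> {digest: issued_at}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        if not self.multi_login:
            # Behaviour described in the comment: a new sign-in replaces
            # (and so invalidates) the user's previous token.
            self._tokens[user] = {}
        self._tokens.setdefault(user, {})[self._digest(token)] = now
        return token

    def validate(self, user, token, now=None):
        now = time.time() if now is None else now
        live = self._tokens.get(user, {})
        if self.ttl is not None:
            # Prune expired tokens so an abandoned session stops being valid.
            for d in [d for d, t in live.items() if now - t >= self.ttl]:
                del live[d]
        presented = self._digest(token)
        # Constant-time comparison against each remaining digest.
        return any(hmac.compare_digest(presented, d) for d in live)

    def logout(self, user, token):
        # Explicit sign-out removes only the presented token.
        self._tokens.get(user, {}).pop(self._digest(token), None)
```

With `multi_login=True` and `ttl=None`, a token from a machine the user never returns to would stay valid indefinitely, which is why the two settings belong together.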

