[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 9 03:06:44 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by ryan):
Replying to [comment:38 westi]:
> Replying to [comment:37 ryan]:
> > Any objections? I'll commit this soon so testers can have a look at
> > it. We can tweak it from there.
>
> I am not completely happy that the new cookie scheme doesn't handle the
> issue whereby someone with read access to the database can generate a
> valid cookie - in general users are not going to update the SECRET define
> and so won't benefit from it.
We could incorporate your session key stuff into the currently unused data
field of the cookie. Store a random key in the cookie and store the hash
of that key in the DB. But, that brings us back to allowing only one
session at a time and requiring a DB write for every successful login
attempt.
> What are the timeouts on the cookies? It looks like 2 days or 14 days if
> I do my maths right - would we not do better with a shorter expiry time
> and resetting the cookie on every admin page access with a new expiry?
Wouldn't that allow replaying an old cookie to get a new cookie with a
fresh expiry?
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:39>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
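The two designs weighed in the comment above, sketched as an added illustration that is not WordPress code and not code from the ticket: a signed cookie whose data field carries a random per-login key, with only the hash of that key stored in the database, plus the sliding-expiry variant westi asked about. Python is used instead of PHP for brevity. The cookie layout, the use of HMAC-SHA256 and SHA-256, the secret value and the user names are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumption: a deployment-wide signing secret, standing in for the SECRET
# define discussed in the thread. The value here is constructed for the example.
SECRET = b"example-secret-for-illustration-only"


def sign(body: str) -> str:
    """HMAC over the cookie body under the site secret."""
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()


def key_hash(session_key: str) -> str:
    """What the DB stores: the hash of the random per-login key, never the key."""
    return hashlib.sha256(session_key.encode()).hexdigest()


class CookieAuth:
    """Illustrative login cookie: user|expiry|session_key|mac.

    The random session key travels in the cookie's data field; the DB keeps
    only its hash. A reader of the DB therefore sees the hash but cannot
    produce a cookie that validates. One stored hash per user also means
    only one live session per user, at the cost of a DB write per login.
    """

    def __init__(self, ttl_seconds: int):
        self.ttl = ttl_seconds
        self.db = {}  # user -> key_hash(session_key), one row per user

    def _issue(self, user: str, session_key: str, now: int) -> str:
        body = f"{user}|{now + self.ttl}|{session_key}"
        return f"{body}|{sign(body)}"

    def login(self, user: str, now: int) -> str:
        session_key = os.urandom(16).hex()
        self.db[user] = key_hash(session_key)  # DB write on every successful login
        return self._issue(user, session_key, now)

    def validate(self, cookie: str, now: int):
        """Return the user name if the cookie is genuine, unexpired and current."""
        parts = cookie.split("|")
        if len(parts) != 4:
            return None
        user, expiry, session_key, mac = parts
        body = f"{user}|{expiry}|{session_key}"
        if not hmac.compare_digest(mac, sign(body)):
            return None  # forged or tampered
        if not expiry.isdigit() or now > int(expiry):
            return None  # expired
        stored = self.db.get(user)
        if stored is None or not hmac.compare_digest(stored, key_hash(session_key)):
            return None  # no session, or a newer login replaced it
        return user

    def refresh(self, cookie: str, now: int):
        """Sliding expiry: re-issue the cookie with a fresh expiry on each admin hit.

        The session key is unchanged, so any cookie that still validates,
        including an old copy captured earlier, is traded for a fresh one.
        That is the replay concern raised in the comment.
        """
        user = self.validate(cookie, now)
        if user is None:
            return None
        return self._issue(user, cookie.split("|")[2], now)


def forge_from_db(auth: CookieAuth, user: str, now: int) -> str:
    """Attacker model from the thread: full DB read access plus knowledge of
    the (unchanged default) secret. The stored value is a hash of the key,
    so the best guess is to put that hash into the cookie; it will not verify."""
    body = f"{user}|{now + auth.ttl}|{auth.db[user]}"
    return f"{body}|{sign(body)}"
```

With this layout a second `login` for the same user overwrites the stored hash, so the earlier cookie stops validating: that is the one-session-at-a-time trade-off named in the comment. The `refresh` method shows why a shorter TTL with re-issue does not close the replay window on its own; a cookie captured before it expires still buys a fresh one.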