[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie
authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 23 07:29:46 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by Viper007Bond):
The comment for `SECRET_KEY` in [6471] can easily be confusing for someone
who doesn't know PHP. I'm betting many people would replace the text
"`SECRET_KEY`" with their key rather correctly defining the constant.
The comment should be changed, or even better, perhaps using some example
text like "`uniquephrasehere`" and then have WP ignore/unset the key
constant if it's left at that.
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:64>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list