[wp-trac] Re: [WordPress Trac] #2394: Passwords are stored in an
insecure un-salted form
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 29 13:09:26 GMT 2007
#2394: Passwords are stored in an insecure un-salted form
-----------------------+----------------------------------------------------
Reporter: sjmurdoch | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4 (future)
Component: Security | Version: 2.0
Severity: normal | Resolution:
Keywords: has-patch |
-----------------------+----------------------------------------------------
Comment (by Otto42):
Replying to [comment:12 pishmishy]:
> In generating the code in the URL used to confirm password recovery
Password recovery is accomplished by generating a new random password and
emailing that to the user. And yes, it uses an MD5 of the new random
password in the database.
> also in bookmark.php, category.php, taxonomy.php, cache.php and tinyMCE,
> to generate keys that are used in a cache.
I fail to understand your point. Yes, those all use md5 for key
generation, but none of that has anything to do with user passwords.
--
Ticket URL: <http://trac.wordpress.org/ticket/2394#comment:13>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software