[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Sat Dec 1 01:19:42 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by westi):
Replying to [comment:19 darkdragon]:
> Replying to [comment:18 westi]:
>
> > Known issues:
> > 1. Only supports a single authentication token for a user so you
> > cannot be logged in from two places at once.
>
> I would term this a feature, but since I'm always signed in at home and
> usually sign in from various other places, it could become a hassle. What
> if I'm in a location temporarily and leave without the ability to go back?
> Will there be a time limit of when that token will expire so that I can
> eventually sign in at another location even if I hadn't signed out at that
> other place?
If you sign in somewhere new then the old token is invalidated.
There is currently no timeout on tokens but for multiple logins to be
supported we will need a way of timing tokens out.
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:20>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
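
Added example, not part of the original message and not WordPress code: a server-side token store in Python that models the behaviour discussed in this comment. With `max_per_user=1` a new sign-in invalidates the old token, and with a larger limit several logins coexist because each token carries a timeout. `TokenStore`, `ttl`, `max_per_user` and the sample user and timestamps are hypothetical names and constructed values.

```python
import hashlib
import secrets


class TokenStore:
    """Server-side session tokens. Added illustration; not WordPress code."""

    def __init__(self, ttl, max_per_user):
        self.ttl = ttl  # seconds a token stays valid (hypothetical setting)
        self.max_per_user = max(1, max_per_user)  # 1 = single-token behaviour
        self._tokens = {}  # sha256(token) -> (user, expires_at), insertion-ordered

    def issue(self, user, now):
        self._purge(now)
        mine = [h for h, (u, _) in self._tokens.items() if u == user]
        # Evict the user's oldest tokens until there is room for the new one.
        while len(mine) >= self.max_per_user:
            del self._tokens[mine.pop(0)]
        token = secrets.token_hex(32)
        # Keep only a hash so a leaked table does not yield usable cookies.
        self._tokens[self._digest(token)] = (user, now + self.ttl)
        return token

    def validate(self, token, now):
        entry = self._tokens.get(self._digest(token))
        if entry is None or entry[1] <= now:
            return None
        return entry[0]

    def _purge(self, now):
        self._tokens = {h: e for h, e in self._tokens.items() if e[1] > now}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()


def demo():
    """Constructed scenario: sign in at home, then somewhere else."""
    single = TokenStore(ttl=3600, max_per_user=1)
    home = single.issue("alice", now=1000)
    single.issue("alice", now=1010)
    multi = TokenStore(ttl=3600, max_per_user=5)
    home2 = multi.issue("alice", now=1000)
    away2 = multi.issue("alice", now=1010)
    return {
        "single_old": single.validate(home, 1020),     # None: replaced by new sign-in
        "multi_old": multi.validate(home2, 1020),      # "alice": both sessions live
        "multi_expired": multi.validate(away2, 4610),  # None: past the 3600 s timeout
    }
```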