[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Sat Dec 1 14:42:52 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
 Reporter:  sjmurdoch                |      Owner:  westi
     Type:  defect                   |     Status:  assigned
 Priority:  normal                   |  Milestone:  2.4
Component:  Security                 |    Version:  2.3.1
 Severity:  normal                   | Resolution:
 Keywords:  security, password, md5  |
-------------------------------------+--------------------------------------
Comment (by sjmurdoch):
Replying to [comment:18 westi]:
> I've uploaded a first pass patch for auth cookies
It looks like the cookie is of the form:
{{{md5(DB_PASSWORD.DB_USER.DB_NAME.DB_HOST.ABSPATH.$username.uniqid(microtime()))}}}
and the hash of this is stored in the database.
If uniqid() isn't unpredictable, it would be possible to brute force the
database password (the rest of the fields are pretty easy to guess in most
situations). How secure is uniqid() in this usage?
Is there a better way to get unpredictable pseudorandom numbers?
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:22>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
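To make the question in the comment above concrete, here is an added example (not code from the ticket, from WordPress, or from PHP itself) that models the `uniqid(microtime())` term of the cookie and compares its entropy with a CSPRNG-based salt. It assumes PHP's `uniqid()` formats the clock as `sprintf('%08x%05x', seconds, microseconds)` and that `microtime()` returns the string `"0.<usec>00 <sec>"`; the timestamp is constructed from the date on this post.

```python
import math
import secrets

# Added example: models the salt material described in the ticket comment and
# compares it with a CSPRNG-based salt. All sample values are constructed.

def php_uniqid(sec: int, usec: int, prefix: str = "") -> str:
    """Model of PHP uniqid($prefix) without more_entropy (assumption):
    prefix . sprintf('%08x%05x', seconds, microseconds)."""
    return f"{prefix}{sec:08x}{usec:05x}"

def php_microtime(sec: int, usec: int) -> str:
    """Model of PHP microtime() in string form (assumption): '0.<usec>00 <sec>'."""
    return f"0.{usec:06d}00 {sec}"

def clock_salt(sec: int, usec: int) -> str:
    """The uniqid(microtime()) term from the ticket: every character is a
    function of the issuing server's clock, so two cookies issued one
    microsecond apart get nearly identical salts."""
    return php_uniqid(sec, usec, prefix=php_microtime(sec, usec))

def clock_salt_entropy_bits(window_seconds: float,
                            ticks_per_second: int = 1_000_000) -> float:
    """Entropy of a clock-derived salt once the issue time is known to within
    window_seconds (a Date header or access log narrows it to about 1 s):
    log2 of the number of distinct clock readings inside that window."""
    return math.log2(window_seconds * ticks_per_second)

def csprng_salt(nbytes: int = 32) -> str:
    """Mitigation: a salt drawn from the OS CSPRNG, independent of the clock.
    Its entropy is 8 * nbytes bits no matter what an observer knows."""
    return secrets.token_hex(nbytes)

if __name__ == "__main__":
    # Constructed timestamp: the date on this post, 2007-12-01 14:42:52 GMT.
    sec, usec = 1196520172, 123456
    a, b = clock_salt(sec, usec), clock_salt(sec, usec + 1)
    print("uniqid(microtime()) salt:", a)
    print("one microsecond later:   ", b)
    print(f"entropy with a 1 s window: {clock_salt_entropy_bits(1.0):.1f} bits")
    print(f"entropy with a 1 h window: {clock_salt_entropy_bits(3600.0):.1f} bits")
    print(f"CSPRNG salt: {csprng_salt()} ({8 * 32} bits)")
```

The point is the gap between the two numbers: a clock-derived salt contributes only about 20 bits once the issue time is known to the second, while a 32-byte CSPRNG salt contributes 256 bits regardless.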