[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability

WordPress Trac wp-trac at lists.automattic.com
Sat Dec 1 15:05:21 GMT 2007

#5367: Wordpress cookie authentication vulnerability
 Reporter:  sjmurdoch                |        Owner:  westi   
     Type:  defect                   |       Status:  assigned
 Priority:  normal                   |    Milestone:  2.4     
Component:  Security                 |      Version:  2.3.1   
 Severity:  normal                   |   Resolution:          
 Keywords:  security, password, md5  |  
Comment (by westi):

 Replying to [comment:22 sjmurdoch]:
 > Replying to [comment:18 westi]:
 > > I've uploaded a first pass patch for auth cookies
 > It looks like the cookie is of the form:
 > and the hash of this is stored in the database.
 > If uniqid() isn't unpredictable, it would be possible to brute force the
 database password (the rest of the fields are pretty easy to guess in most
 situations). How secure is uniqid() in this usage?
 > Is there a better way to get unpredictable pseudorandom numbers?

 That is the current cookie format in this patch.

 It is in no way intended to be the final format - I just wanted something
 which would generate a hopefully unique cookie per-user for testing the
 infrastructure changes with WordPress - splitting out the login handling
 from the cookie verification

 We do need to analyse the predictability of the cookies and ideally find a
 good available source of entropy for our random numbers

Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:24>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list