[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie
authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 7 09:35:07 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by ryan):
New patch with just a little tidying.
Do we really need to put COOKIEHASH in the cookie name? I'd think the
host and path make the cookie unique enough.
Does the patch look good enough to commit and get in the hands of testers?
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:37>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list