[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability

WordPress Trac wp-trac at lists.automattic.com
Fri Dec 7 09:35:07 GMT 2007

#5367: Wordpress cookie authentication vulnerability
 Reporter:  sjmurdoch                |        Owner:  westi   
     Type:  defect                   |       Status:  assigned
 Priority:  normal                   |    Milestone:  2.4     
Component:  Security                 |      Version:  2.3.1   
 Severity:  normal                   |   Resolution:          
 Keywords:  security, password, md5  |  
Comment (by ryan):

 New patch with just a little tidying.

 Do we really need to put COOKIEHASH in the cookie name?  I'd think the
 host and path make the cookie unique enough.

 Does the patch look good enough to commit and get in the hands of testers?

Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:37>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list