[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability

WordPress Trac wp-trac at lists.automattic.com
Thu Dec 13 22:08:36 GMT 2007

#5367: Wordpress cookie authentication vulnerability
 Reporter:  sjmurdoch                |        Owner:  westi   
     Type:  defect                   |       Status:  assigned
 Priority:  normal                   |    Milestone:  2.4     
Component:  Security                 |      Version:  2.3.1   
 Severity:  normal                   |   Resolution:          
 Keywords:  security, password, md5  |  
Comment (by ryan):

 To clarify, I meant using the DB connect information as part of sk, the
 secret key used when creating k.  DB connect info plus the salt from the
 DB would be used in sk, not just the DB connect info alone.  Someone
 without read access to the DB would have to contend with the random salt
 from the DB in addition to the DB connect info.  Someone with read access
 to the DB would have the secret key from the DB, leaving just the DB
 connect info.  So an attacker would have to get DB read info to reduce the
 sk down to just the DB connect info and then break the sk.  Since the sk
 is used in the cookie only as a salt for hash_hmac(), how easy is it to
 brute force?

Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:47>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list