[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie
authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 13 22:08:36 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by ryan):
To clarify, I meant using the DB connect information as part of sk, the
secret key used when creating k. DB connect info plus the salt from the
DB would be used in sk, not just the DB connect info alone. Someone
without read access to the DB would have to contend with the random salt
from the DB in addition to the DB connect info. Someone with read access
to the DB would have the secret key from the DB, leaving just the DB
connect info. So an attacker would have to get DB read info to reduce the
sk down to just the DB connect info and then break the sk. Since the sk
is used in the cookie only as a salt for hash_hmac(), how easy is it to
brute force?
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:47>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list