[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie
authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 19 02:57:09 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by sambauers):
Sorry, by "auto-generated" I meant the secret that is created by
concatenating the other config settings when there is no secret specified
in the config file.
If there is no chance of displaying the key in the admin area then I guess
I am back to a fairly lengthy instruction for integrators to follow.
That's OK, I suppose it's a small price for this level of security.
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:58>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list