[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability

WordPress Trac wp-trac at lists.automattic.com
Sun Dec 23 07:29:46 GMT 2007

#5367: Wordpress cookie authentication vulnerability
 Reporter:  sjmurdoch                |        Owner:  westi   
     Type:  defect                   |       Status:  assigned
 Priority:  normal                   |    Milestone:  2.4     
Component:  Security                 |      Version:  2.3.1   
 Severity:  normal                   |   Resolution:          
 Keywords:  security, password, md5  |  
Comment (by Viper007Bond):

 The comment for `SECRET_KEY` in [6471] can easily be confusing for someone
 who doesn't know PHP. I'm betting many people would replace the text
 "`SECRET_KEY`" with their key rather correctly defining the constant.

 The comment should be changed, or even better, perhaps using some example
 text like "`uniquephrasehere`" and then have WP ignore/unset the key
 constant if it's left at that.

Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:64>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list