[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie
authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Mon Dec 31 23:07:45 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: westi
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by DD32):
Replying to [comment:69 ryan]:
> (In [6529]) Separate cookie generation from cookie set. Introduce
wp_generate_auth_cookie(). see #5367
has rendered the folowing line useless:
{{{
$user = get_userdata($user_id);
}}}
http://trac.wordpress.org/browser/trunk/wp-
includes/pluggable.php?rev=6529#L375
see patch.
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:70>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list