[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability

WordPress Trac wp-trac at lists.automattic.com
Mon Dec 31 23:07:45 GMT 2007


#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
 Reporter:  sjmurdoch                |        Owner:  westi   
     Type:  defect                   |       Status:  assigned
 Priority:  normal                   |    Milestone:  2.4     
Component:  Security                 |      Version:  2.3.1   
 Severity:  normal                   |   Resolution:          
 Keywords:  security, password, md5  |  
-------------------------------------+--------------------------------------
Comment (by DD32):

 Replying to [comment:69 ryan]:
 > (In [6529]) Separate cookie generation from cookie set.  Introduce
 wp_generate_auth_cookie().  see #5367

 has rendered the folowing line useless:
 {{{
    $user = get_userdata($user_id);
 }}}
 http://trac.wordpress.org/browser/trunk/wp-
 includes/pluggable.php?rev=6529#L375

 see patch.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:70>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list