[wp-trac] Re: [WordPress Trac] #2394: Passwords are stored in an insecure un-salted form
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 28 15:35:03 GMT 2007
#2394: Passwords are stored in an insecure un-salted form
-----------------------+----------------------------------------------------
Reporter: sjmurdoch | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4 (future)
Component: Security | Version: 2.0
Severity: normal | Resolution:
Keywords: has-patch |
-----------------------+----------------------------------------------------
Comment (by pishmishy):
Replying to [comment:11 Otto42]:
> It was a suggestion, not an issue. It doesn't need its own ticket. I
> was just commenting. Chill.
Sorry, no offence meant. I was just being overly terse to stay concise.
> As far as I can tell, yes, actually, it does. It uses md5 hashes in the
> database and double md5 hashes as cookies. Where does it use anything
> else?
In generating the code in the URL used to confirm password recovery, also
in bookmark.php, category.php, taxonomy.php, cache.php and tinyMCE, to
generate keys that are used in a cache. I'm afraid that I don't know
anything about that code.
--
Ticket URL: <http://trac.wordpress.org/ticket/2394#comment:12>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software