[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 20 16:37:12 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by santosj):
Question: Would not having the username and password in the cookie fix
this and not break anything else?
I'm not sure why sessions aren't used instead to store this information
(always confused about this). Which you'll have another problem with
session hijacking, but there are measures that can easily be used to
correct that problem.
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software