[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie
authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 21 23:07:00 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
Reporter: sjmurdoch | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: normal | Resolution:
Keywords: security, password, md5 |
-------------------------------------+--------------------------------------
Comment (by nbachiyski):
Another way is to leave {{{md5(md5(pass))}}} in the cookie and store
triple-md5-ed pass in the DB. Thus we cover the following cases:
* if the attacker gets the cookie it's almost unbreakable, just as it is
now
* if the attacker gets the DB, she can't generate a cookie
* if the attacker gets the DB, she can't use rainbow to get the password
And the logic is pretty simple and foolproof. Of course one day the
rainbow databases may include many md5 strings hashes, or even triple
hashes, but I think it would suffice for now.
The only disadvantage of all the techniques proposed above is that the
cookie value cannot be generated using the information. Now this
functionality is used to update the cookies, when the URL of the blog
changes. The code is in [source:trunk/wp-admin/includes/misc.php at 6025#L142
wp-admin/includes/misc.php].
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:13>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list