[wp-trac] Re: [WordPress Trac] #5367: Wordpress cookie authentication vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 22 14:28:19 GMT 2007
#5367: Wordpress cookie authentication vulnerability
-------------------------------------+--------------------------------------
 Reporter:  sjmurdoch                |        Owner:  anonymous
     Type:  defect                   |       Status:  new
 Priority:  normal                   |    Milestone:  2.4
Component:  Security                 |      Version:  2.3.1
 Severity:  normal                   |   Resolution:
 Keywords:  security, password, md5  |
-------------------------------------+--------------------------------------
Comment (by DD32):
Replying to [comment:15 jammycakes]:
> Another thing -- why has this been given a milestone of 2.4? Since it is
> a security issue that is actively being exploited, shouldn't it be
> scheduled, at least partially, for the next security release?
Things are fixed in Trunk (2.4) and then backported to 2.3.
Major changes such as this would also go into the next stable release
rather than a maintenance release, I believe. Although extra checks might
be added to a 2.3 maintenance release to at least remove some of the
vulnerability (i.e. patch it, just not completely replace the authentication
functions) if need be.
--
Ticket URL: <http://trac.wordpress.org/ticket/5367#comment:16>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software