[wp-trac] Re: [WordPress Trac] #5383: security notification
WordPress Trac
wp-trac at lists.automattic.com
Fri Nov 23 22:42:42 GMT 2007
#5383: security notification
-------------------------+--------------------------------------------------
Reporter: chuckpeters | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.5
Component: General | Version:
Severity: critical | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Comment (by rob1n):
Of course it's possible to get the hash and run it against a rainbow
pattern (or create a session cookie) -- if you have read-only access.
I suppose a solution would be to stop storing the hash in the cookie, and
authenticate a bit differently.
--
Ticket URL: <http://trac.wordpress.org/ticket/5383#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
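
Added example, not part of the original message and not WordPress code: a model of the comment's point that a cookie derived only from the stored hash can be reproduced by anyone with read-only database access, next to a cookie authenticated with a key kept outside the database. The cookie layouts, function names, key and sample row are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample: a users-table row as a read-only database reader sees it.
DB_ROW = {"login": "admin", "pass_hash": hashlib.md5(b"correct horse").hexdigest()}
# Assumption: the signing key lives in server configuration, not in the database.
SERVER_SECRET = b"constructed-example-key-kept-outside-the-db"


def weak_cookie_valid(login, cookie_value, row):
    """Weak model: the cookie is a function of the stored hash and nothing else."""
    expected = hashlib.md5(row["pass_hash"].encode()).hexdigest()
    return login == row["login"] and hmac.compare_digest(
        cookie_value.encode(), expected.encode())


def _mac(login, expires, row, secret):
    # Binding a fragment of the stored hash voids old cookies on password change.
    msg = f"{login}|{expires}|{row['pass_hash'][8:12]}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_cookie(row, secret, ttl=3600, now=None):
    expires = int(now if now is not None else time.time()) + ttl
    return f"{row['login']}|{expires}|{_mac(row['login'], expires, row, secret)}"


def strong_cookie_valid(cookie, row, secret, now=None):
    """Hardened model: needs an unexpired timestamp and a MAC under the server key."""
    parts = cookie.split("|")
    if len(parts) != 3 or not parts[1].isdecimal():
        return False
    login, expires, mac = parts[0], int(parts[1]), parts[2]
    if login != row["login"] or expires < (now if now is not None else time.time()):
        return False
    expected = _mac(login, expires, row, secret)
    return hmac.compare_digest(mac.encode(), expected.encode())


def derivable_from_db_only(row, now):
    """Cookie values that can be computed from the database row alone."""
    weak = hashlib.md5(row["pass_hash"].encode()).hexdigest()
    strong = issue_cookie(row, b"not-the-server-key", now=now)
    return weak, strong
```
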