[wp-trac] [WordPress Trac] #6842: Password reset links produce invalid keys

WordPress Trac wp-trac at lists.automattic.com
Fri Apr 25 16:58:57 GMT 2008


#6842: Password reset links produce invalid keys
------------------------+---------------------------------------------------
 Reporter:  MtDewVirus  |       Owner:  anonymous
     Type:  defect      |      Status:  new      
 Priority:  normal      |   Milestone:  2.7      
Component:  Security    |     Version:  2.6      
 Severity:  normal      |    Keywords:           
------------------------+---------------------------------------------------
 When using /wp-login.php?action=lostpassword the password reset link
 received in the email does not work. When clicking on the link, you get
 "Sorry, that key does not appear to be valid."

 Also, some of the characters used in the key aren't treated as part of a
 link in email (Gmail as an example).

 Example: http://blog.com/wp-login.php?action=rp&key=yG#S^w4U&QY(

 Only http://blog.com/wp-login.php?action=rp&key=yG#S was treated as a link
 in Gmail and the rest was plain text.

 Tested on r7835

-- 
Ticket URL: <http://trac.wordpress.org/ticket/6842>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list