[wp-trac] Re: [WordPress Trac] #6413: Add custom prefix to
cookie-names
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 27 08:53:02 GMT 2008
#6413: Add custom prefix to cookie-names
-------------------------+--------------------------------------------------
Reporter: webrocker | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Security | Version:
Severity: major | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Comment (by DD32):
Renaming the cookies is pointless IMO, The exploit will simply change to
grab cookies which are using any prefix, not just the wordpress prefixed
cookies.
If they can create files, theres many places they could simply plonk a
.php file and have WP auto-include it inside the wp-content folder.
I'm not too sure, but i'm pretty sure with the changes made in the
authtication, that WP 2.5 may not be as affected by that form of attack.
--
Ticket URL: <http://trac.wordpress.org/ticket/6413#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list