[wp-trac] Re: [WordPress Trac] #3316: Protected post password is plain text in cookie
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 27 19:07:58 GMT 2009
#3316: Protected post password is plain text in cookie
--------------------------+-------------------------------------------------
 Reporter:  dosa          |        Owner:  anonymous
     Type:  defect (bug)  |       Status:  reopened
 Priority:  high          |    Milestone:  2.8
Component:  Security      |      Version:  2.1
 Severity:  major         |   Resolution:
 Keywords:                |
--------------------------+-------------------------------------------------
Changes (by raxitsheth):
* priority: normal => high
* severity: normal => major
Comment:
Just re-opening the ticket.
Password-protected posts are normally posts which are "Not for public".
Storing the password in plaintext in the user's browser is clearly a dumb idea!
Even if other sites cannot access the cookie, a simple proxy/man-in-the-middle
attack/network sniffer can read the password.
-Raxit Sheth
--
Ticket URL: <http://trac.wordpress.org/ticket/3316#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software