[wp-trac] [WordPress Trac] #16619: XMLRPC authentication bypasses plugins?
WordPress Trac
wp-trac at lists.automattic.com
Wed Feb 23 11:39:51 UTC 2011
#16619: XMLRPC authentication bypasses plugins?
--------------------------+----------------------
Reporter: kojix | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: XML-RPC | Version:
Severity: normal | Resolution: invalid
Keywords: |
--------------------------+----------------------
Changes (by dd32):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
It looks like the plugin isn't hooking into enough places. It'll probably
have to hook into 'check_password' or 'authenticate' filters.
Try using ` wp_authenticate($username, $password);` directly in code,
you'll probably find it fail there too.
Report it to the plugin author, Please feel free to direct the plugin
author to this ticket to re-open it if they have a reason to believe that
there's a bug in core.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16619#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list