[wp-trac] [WordPress Trac] #21420: Login without salted MD5 Password
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 30 07:18:57 UTC 2012
#21420: Login without salted MD5 Password
--------------------------+---------------------------------------
Reporter: shubhamoy | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.4.1
Severity: normal | Keywords: needs-patch needs-testing
--------------------------+---------------------------------------
WordPress stores the password in MD5+Salt format but never uses it for
login. Suppose an attacker gets access to the database and updates the
password in MD5 hash format and tries to log in, then he is able to do it
successfully. So what's the use of storing the password in MD5+Salt when
it doesn't come into play?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21420>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
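
An added example, not part of the ticket or of WordPress's code: a defender-side audit that classifies user_pass values exported from the users table and flags bare 32-hex MD5 values, the condition the report describes. The function names and sample rows are constructed, and the 34-character "$P$" shape is assumed to be the salted format in use (phpass portable hashes).

```python
import hashlib
import re

# phpass portable hash: "$P$" + 1 cost char + 8 salt chars + 22 digest chars = 34.
PHPASS_RE = re.compile(r"\$P\$[./0-9A-Za-z]{31}")
# Bare unsalted MD5: exactly 32 hex digits.
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")


def classify(user_pass):
    """Label one stored user_pass value by its format."""
    if PHPASS_RE.fullmatch(user_pass):
        return "phpass"
    if MD5_RE.fullmatch(user_pass):
        return "plain-md5"
    return "unknown"


def audit(rows):
    """Return (login, kind) for every row not stored as a salted phpass hash."""
    return [(login, classify(h)) for login, h in rows if classify(h) != "phpass"]


def downgrades(before, after):
    """Logins whose hash was phpass in an earlier snapshot but is plain MD5 now.

    A legacy account that was never upgraded shows plain-md5 in both snapshots;
    a salted hash that turns into a bare MD5 is worth investigating as a
    direct database write (assumption: normal password changes store phpass).
    """
    old = dict(before)
    return sorted(
        login for login, h in after
        if classify(h) == "plain-md5" and classify(old.get(login, "")) == "phpass"
    )


# Constructed sample data (not real accounts or hashes).
SALTED = "$P$B" + "saltsalt" + "h" * 22
BARE_MD5 = hashlib.md5(b"constructed-sample").hexdigest()
BEFORE = [("alice", SALTED), ("bob", SALTED), ("legacy", BARE_MD5)]
AFTER = [("alice", SALTED), ("bob", BARE_MD5), ("legacy", BARE_MD5)]

if __name__ == "__main__":
    print(audit(AFTER))
    print(downgrades(BEFORE, AFTER))
```

Comparing two snapshots separates accounts that have always held a legacy MD5 value from accounts whose salted hash was replaced.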