[wp-trac] [WordPress Trac] #21420: Login without salted MD5 Password
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 30 07:42:04 UTC 2012
#21420: Login without salted MD5 Password
---------------------------------------+----------------------
Reporter: shubhamoy | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 3.4.1
Severity: normal | Resolution: invalid
Keywords: needs-patch needs-testing |
---------------------------------------+----------------------
Changes (by dd32):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Historically, !WordPress stored passwords as an unsalted md5 (#2394),
obviously this was insecure in the event that an attacker gained access to
the md5'd password.
!WordPress allows for those with the old style passwords (hashed md5's) to
login using it, and the password is immediately rehashed with the new
format and re-saved to the database. This allows for a rolling upgrade
when users log in (as since they were stored as md5's, the password was
not known, and therefor could not be rehashed until the user logged in).
As a result, if you have access to the database, you can create users, or
edit users, and change their password to a unsalted md5 and trigger the
upgrade path.
So: !WordPress never stores passwords unsalted or in an insecure form
anymore (Since 2.5), however, If you have a compromised database server,
it's possible to alter users, and gain access to the site. Similarily, if
an attacker gains file-level access, they can gain access to the site as
well. !WordPress is only as secure as the server it's hosted on.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21420#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list