[wp-trac] [WordPress Trac] #21420: Login without salted MD5 Password
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 30 13:37:05 UTC 2012
#21420: Login without salted MD5 Password
---------------------------------------+-----------------------
Reporter: shubhamoy | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 3.4.1
Severity: normal | Resolution:
Keywords: needs-patch needs-testing |
---------------------------------------+-----------------------
Changes (by shubhamoy):
* status: closed => reopened
* resolution: invalid =>
Comment:
The database stores the password in the following way:
$P$B.Vpi0aAjSqYg6AILPxrXemVw6Xysa1 and if we replace it with plain MD5
Hash then also it gets accepted and user is able to login whereas in
Joomla the database entry must be a salted MD5 hash for a successful
login.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21420#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list