[wp-trac] [WordPress Trac] #33635: $nonce_life is actually twice nonce life
WordPress Trac
noreply at wordpress.org
Mon Aug 31 20:16:43 UTC 2015
#33635: $nonce_life is actually twice nonce life
------------------------------------+----------------------
Reporter: ericlewis | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 2.5
Severity: normal | Resolution: invalid
Keywords: needs-patch needs-docs | Focuses: docs
------------------------------------+----------------------
Changes (by ericlewis):
* status: new => closed
* resolution: => invalid
* milestone: Future Release =>
Comment:
Never mind — just saw `wp_verify_nonce()` [https://core.trac.wordpress.org/browser/tags/4.3/src/wp-includes/pluggable.php#L1808 back-validates nonces from 12-24 hours ago].
Although the math presented earlier does expose that corner cases here can
occur with nonces, because of the time-window that `wp_nonce_tick()`
creates.
e.g.
It's 8/31/2015 20:12:02 UTC (1441051922 in Unix epoch), wp_nonce_tick()
returns `33358`.
When it turns 9/1/2015 00:00:01 UTC (1441065601 in Unix epoch),
wp_nonce_tick() returns `33359`. The nonce I made earlier is still valid.
When it turns 9/1/2015 12:00:01 UTC (1441108801 in Unix epoch),
wp_nonce_tick() returns `33340`. The nonce I made earlier is invalid, even
though it is only 14 hours old.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33635#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
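A model of the tick and verification-window arithmetic discussed in this ticket, added here as an example; it is neither WordPress core code nor the reporter's. It assumes the default `nonce_life` of `DAY_IN_SECONDS`, models `wp_hash()` with an HMAC-SHA256 over a constructed secret (the real one is derived from the site's nonce key and salt), keeps the 10-character slice and the 1/2 return codes of `wp_verify_nonce()`, and reuses the three Unix timestamps from the comment above. The `effective_lifetime()` helper is an addition that computes how long a nonce minted at a given second keeps verifying.

```python
import hashlib
import hmac
import math

DAY_IN_SECONDS = 86400
NONCE_LIFE = DAY_IN_SECONDS      # default value of the 'nonce_life' filter
HALF_LIFE = NONCE_LIFE // 2      # 43200 s: the width of one tick

# Constructed stand-in secret. WordPress derives the real keying material from
# NONCE_KEY/NONCE_SALT inside wp_hash(); the keyed hash below only models that.
SECRET = b"constructed-example-secret-not-a-real-key"


def nonce_tick(now: int, nonce_life: int = NONCE_LIFE) -> int:
    """Model of wp_nonce_tick(): ceil(time() / (nonce_life / 2))."""
    return math.ceil(now / (nonce_life / 2))


def _nonce_for_tick(tick: int, action: str, uid: int, token: str) -> str:
    """Model of the nonce derivation: 10 chars of a keyed hash over tick|action|uid|token."""
    msg = f"{tick}|{action}|{uid}|{token}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return digest[-12:-2]   # substr(..., -12, 10) in the PHP


def create_nonce(now: int, action: str, uid: int = 1, token: str = "") -> str:
    """Model of wp_create_nonce() evaluated at Unix time `now`."""
    return _nonce_for_tick(nonce_tick(now), action, uid, token)


def verify_nonce(nonce: str, now: int, action: str, uid: int = 1, token: str = ""):
    """Model of wp_verify_nonce(): 1 if the nonce was minted in the current tick,
    2 if it was minted in the previous tick, False otherwise."""
    i = nonce_tick(now)
    if hmac.compare_digest(_nonce_for_tick(i, action, uid, token), nonce):
        return 1
    if hmac.compare_digest(_nonce_for_tick(i - 1, action, uid, token), nonce):
        return 2
    return False


def effective_lifetime(created: int, nonce_life: int = NONCE_LIFE) -> int:
    """Seconds for which a nonce minted at `created` keeps verifying.

    ceil(now / half) == t holds for (t-1)*half < now <= t*half, so a nonce
    minted in tick t is still accepted (as tick t or t-1) until now == (t+1)*half.
    """
    half = nonce_life // 2
    last_valid = (nonce_tick(created, nonce_life) + 1) * half
    return last_valid - created


if __name__ == "__main__":
    # Timestamps quoted in the ticket comment.
    minted = 1441051922      # 2015-08-31 20:12:02 UTC
    next_tick = 1441065601   # 2015-09-01 00:00:01 UTC
    two_ticks = 1441108801   # 2015-09-01 12:00:01 UTC
    n = create_nonce(minted, "demo_action")
    for when in (minted, next_tick, two_ticks):
        print(when, "tick", nonce_tick(when), "verify ->", verify_nonce(n, when, "demo_action"))
    print("lifetime of that nonce:", effective_lifetime(minted), "s")
    # Best and worst cases: minted one second into a tick vs. on its last second.
    print("max:", effective_lifetime(33358 * HALF_LIFE + 1),
          "s  min:", effective_lifetime(33358 * HALF_LIFE), "s")
```

Running it reproduces the ticks 33358, 33359 and 33360 for the three timestamps: the nonce minted at 20:12:02 verifies with return code 1 at mint time, with code 2 one tick later, and not at all two ticks later, 56878 seconds after it was minted. Across all mint times the lifetime ranges from exactly 12 hours (minted on the last second of a tick) to one second short of 24 hours (minted on the first second of a tick), which is the corner case the comment describes.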