[wp-trac] [WordPress Trac] #38474: wp_signups.activation_key stores activation keys in plain text
WordPress Trac
noreply at wordpress.org
Wed Feb 22 23:02:05 UTC 2017
#38474: wp_signups.activation_key stores activation keys in plain text
---------------------------------+------------------------------
Reporter: tomdxw | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.6.1
Severity: normal | Resolution:
Keywords: 4.8-early has-patch | Focuses:
---------------------------------+------------------------------
Comment (by bor0):
@SergeyBiryukov could you please review/provide your input on this?
Probably not that big of a security issue, as someone that has access to
the db has access to all of the content more or less. However, if they use
an activation key they can login and upload files, delete files, etc.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38474#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list