[wp-trac] [WordPress Trac] #3316: Protected post password is plain text in cookie
WordPress Trac
noreply at wordpress.org
Sun Feb 11 08:29:57 UTC 2024
#3316: Protected post password is plain text in cookie
--------------------------+----------------------
Reporter: dosa | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 2.1
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
--------------------------+----------------------
Comment (by migalbyv2o8):
Why is the protected post password stored as plain text in the cookie?
Once a password is entered for a protected post, it is stored as plain
text in the cookie, making it visible to everyone. Wouldn't it be better
to store it as a hash instead?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/3316#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list