[wp-hackers] Wordpress Cookie Authentication Vulnerability
Callum Macdonald
lists.automattic.com at callum-macdonald.com
Thu Nov 22 03:34:05 GMT 2007
Otto wrote:
> It seems like we have two different discussions going on here.
>
> 1. Password: If we were to use salt, we could prevent dictionary
> attacks. Great. Fine. Whatever. We get it, but that's not the
> vulnerability we're talking about here. Salt wouldn't fix this
> problem.
>
So let's do that... :)
> 2. Cookies: Why are we using double-MD5 as the cookie? Why are we not
> using PHP Sessions instead? This would prevent this problem. Anybody
> know?
>
Sessions don't allow persistent logins. I don't think the current
solution is a particularly major vulnerability, although I think it
would make sense to store a login token and update that every time the
user logs in. That token is then written to the cookie (as in MediaWiki
for example).
This raises the question, if somebody writes the code, how does it end
up in core?
C.
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>
>
More information about the wp-hackers
mailing list