[wp-hackers] Wordpress Cookie Authentication Vulnerability

Les Bessant les at lcb.me.uk
Tue Nov 20 07:33:26 GMT 2007


<delurks>

<puts network admin hat on>

"A remote attacker, with read access to the password database can gain
administrator rights."

Yes, the same is true for a lot of computer systems. It's not generally
viewed as a vulnerability in itself....


Les Bessant les at lcb.me.uk
Losing it[1] - http://lcb.me.uk
My flickr pictures - http://flickr.com/photos/lesbessant/


> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
> bounces at lists.automattic.com] On Behalf Of Computer Guru
> Sent: 20 November 2007 07:12
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] Wordpress Cookie Authentication Vulnerability
> 
> You've got to be kidding me!
> 
> I read the first five words then burst out laughing:
> "With read-only access to the Wordpress database"...
> 
> Once you've got read-only access to a database, how much more
> vulnerable do
> you want?
> 
> 
> 
> On 11/20/07, Santanu Misra <santanu.misra at gmail.com> wrote:
> >
> > Not sure if this is discussed already.
> >
> > http://lwn.net/Articles/259204/
> >
> >
> > -- Thanks
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> 
> 
> 
> --
> Computer Guru
> Director,
> NeoSmart Technologies
> http://neosmart.net/blog/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers




More information about the wp-hackers mailing list