[wp-hackers] Wordpress Cookie Authentication Vulnerability
howard chen
howachen at gmail.com
Tue Nov 20 16:23:49 GMT 2007
On Nov 20, 2007 3:11 PM, Computer Guru <computerguru at neosmart.net> wrote:
> You've got to be kidding me!
>
> I read the first five words then burst out laughing:
> "With read-only access to the Wordpress database"...
>
> Once you've got read-only access to a database, how much more vulnerable do
> you want?
>
Guru,
If I were you, I would also ask why WP need to store md5 hash of the
password in the DB.
howa
More information about the wp-hackers
mailing list