[wp-hackers] Wordpress Cookie Authentication Vulnerability

howard chen howachen at gmail.com
Tue Nov 20 16:23:49 GMT 2007


On Nov 20, 2007 3:11 PM, Computer Guru <computerguru at neosmart.net> wrote:
> You've got to be kidding me!
>
> I read the first five words then burst out laughing:
> "With read-only access to the Wordpress database"...
>
> Once you've got read-only access to a database, how much more vulnerable do
> you want?
>

Guru,

If I were you, I would also ask why WP need to store md5 hash of the
password in the DB.

howa


More information about the wp-hackers mailing list