[wp-hackers] Wordpress Cookie Authentication Vulnerability

[Computer Guru]

On 11/22/07, Otto <otto at ottodestruct.com> wrote:
>
> It seems like we have two different discussions going on here.
>
> 1. Password: If we were to use salt, we could prevent dictionary
> attacks. Great. Fine. Whatever. We get it, but that's not the
> vulnerability we're talking about here. Salt wouldn't fix this
> problem.


Unless you add a second salt after being hacked ;-)
(I know it's not feasible, just don't discount it completely!)