[wp-hackers] Wordpress Cookie Authentication Vulnerability

Abel Cheung abelcheung at gmail.com
Fri Nov 23 09:03:56 GMT 2007


On Nov 20, 2007 3:11 PM, Computer Guru <computerguru at neosmart.net> wrote:
> You've got to be kidding me!
>
> I read the first five words then burst out laughing:
> "With read-only access to the Wordpress database"...
>
> Once you've got read-only access to a database, how much more vulnerable do
> you want?

Since it is already vulnerable if somebody get read-only access, why
not only store plain text password inside database? Vulnerable anyway.
(According to your logic).

Abel

>
>
>
>
> On 11/20/07, Santanu Misra <santanu.misra at gmail.com> wrote:
> >
> > Not sure if this is discussed already.
> >
> > http://lwn.net/Articles/259204/
> >
> >
> > -- Thanks
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
>
>
> --
> Computer Guru
> Director,
> NeoSmart Technologies
> http://neosmart.net/blog/
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



-- 
Abel Cheung   (GPG Key: 0xC67186FF)
Key fingerprint: 671C C7AE EFB5 110C D6D1  41EE 4152 E1F1 C671 86FF
--------------------------------------------------------------------
* My own cave: http://me.abelcheung.org/
* Opensource Application Knowledge Assoc. - http://oaka.org/


More information about the wp-hackers mailing list