[wp-hackers] Wordpress Cookie Authentication Vulnerability

Computer Guru computerguru at neosmart.net
Fri Nov 23 09:12:59 GMT 2007


Oh, I'm not _denying_ that it's not a bad thing - I was laughing at how this
has been termed a "vulnerability" rather than "WordPress makes it a bit more
difficult to clean up after a hack attack"

Vulnerability: Something that lets you get into or modify the system.
Compare it to this: once root access to your system has been compromised, is
it a *vulnerability* that the cracker can install FTP or SSH?

It's just unwanted behavior, not a vulnerability.


On 11/23/07, Abel Cheung <abelcheung at gmail.com> wrote:
>
> On Nov 20, 2007 3:11 PM, Computer Guru <computerguru at neosmart.net> wrote:
> > You've got to be kidding me!
> >
> > I read the first five words then burst out laughing:
> > "With read-only access to the Wordpress database"...
> >
> > Once you've got read-only access to a database, how much more vulnerable do
> > you want?
>
> Since it is already vulnerable if somebody gets read-only access, why
> not only store plain text password inside database? Vulnerable anyway.
> (According to your logic).
>
> Abel
>
> >
> >
> >
> >
> > On 11/20/07, Santanu Misra <santanu.misra at gmail.com> wrote:
> > >
> > > Not sure if this is discussed already.
> > >
> > > http://lwn.net/Articles/259204/
> > >
> > >
> > > -- Thanks
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> >
> >
> >
> > --
> > Computer Guru
> > Director,
> > NeoSmart Technologies
> > http://neosmart.net/blog/
> >
> >
>
>
>
> --
> Abel Cheung   (GPG Key: 0xC67186FF)
> Key fingerprint: 671C C7AE EFB5 110C D6D1  41EE 4152 E1F1 C671 86FF
> --------------------------------------------------------------------
> * My own cave: http://me.abelcheung.org/
> * Opensource Application Knowledge Assoc. - http://oaka.org/
>



-- 
Computer Guru
Director,
NeoSmart Technologies
http://neosmart.net/blog/

