[wp-trac] [WordPress Trac] #63203: Application Passwords BC Break in 6.8's new hashing
WordPress Trac
noreply at wordpress.org
Mon Mar 31 22:38:41 UTC 2025
#63203: Application Passwords BC Break in 6.8's new hashing
-----------------------------------+---------------------
Reporter: snicco | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.8
Component: Application Passwords | Version: trunk
Severity: major | Resolution:
Keywords: has-patch | Focuses:
-----------------------------------+---------------------
Comment (by peterwilsoncc):
I've verified this issue by creating custom implementations of
`wp_hash_password()` and `wp_check_password()`. (They're very basic and
wildly insecure so I won't be sharing them here -- think rot13).
I think the new methods in `WP_Application_Passwords` will either need to
be removed or converted to wrappers for the pluggable functions
`wp_hash_password()` and `wp_check_password()`.
My inclination is to remove them as they won't serve much purpose as
wrappers.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63203#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list