WordPress Cookies Processing Authentication Bypass Weakness

The News Review:

- WordPress Cookies Processing Authentication Bypass Weakness
- Wordpress Guru Sherman Hu Prompts: What Are You Thankful for?
- Comments on ‘Google serves up surprise password cracking function’
- Sporting News – Your expert source for MLB Baseball NFL Football…

WordPress Cookies Processing Authentication Bypass Weakness
FrSIRT – Nov 21, 2007
This issue is caused by the application using cookie values based on the MD5 hash of a password's MD5 hash, which could be exploited by an attacker with read access to the “wp_user” table of a database to gain unauthorized administrative access to a vulnerable application. Note: This issue is reportedly being exploited in the wild. Affected Products: WordPress version 2.

Wordpress Guru Sherman Hu Prompts: What Are You Thankful for?
PR.com – PR.com (press release) – Nov 21, 2007
com)– Sherman Hu, founder of ShermanLive.com, Chief Blogging Officer (CBO) of WordpressTutorials.com and faculty member at Stompernet.

Comments on ‘Google serves up surprise password cracking function’
Register – Nov 21, 2007
phpMD5 is for hashing! By Alex Tomkins. Posted Wednesday 21st November 2007 13:43 GMT
When will software developers realise that a simple MD5 on a password is insecure and pointless? Anyone can obtain a database of MD5 results to quickly get a working password to an application, which in turn might lead to the same username and password being used on other sites. Wordpress, phpBB and various other applications stick with a pointless hash without a salt.

@ AC. By Michael. Posted Wednesday 21st November 2007 18:02 GMT
"So yes he’s the bloody admin!

auth: MD5-PW. By peter. Posted Wednesday 21st November 2007 19:37 GMT
r you can go on Arin or RIpe and change all the insecure auth owners details to rude words… Password hashes definitely taste better with salt. There is no excuse for ever storing plain text passwords anywhere. As for wordpress, phpBB, VB and other big name web software, I’m always of the opinion that if it’s worth doing then it’s worth doing yourself. They’ve all proven repeatedly that they know bugger all about security and their code should never be trusted without some serious modifications.

SHA512 your asses! By Anonymous Coward. Posted Thursday 22nd November 2007 06:06 GMT
SHA512 generates 88 bytes which can be padded using your salt key and then stored using token-stripped Base64 for portability and size.

Sporting News – Your expert source for MLB Baseball NFL Football…
SportingNews.com – Nov 21, 2007
Initially I was frustrated about the lack of functionality here at SN, which inevitably caused my interest in blogging here to slow down. Simple things such as URL references, offsite images and even the ever popular video tools that could allow us to link to YouTube and other hosted video. So today I sat down to write an e-mail to SN expressing my frustration, but I thought I had better check out the “Post a new blog entry” template before I send off the e-mail, rather than look stupid in the event something had been done to advance our tools. Sure enough I saw a new toolbar of form buttons:.

Written by admin on November 21st, 2007 with no comments.