Steven J. Murdoch has released an advisory regarding weaknesses in the way WordPress generates cookies (without salt); it affects WordPress 1.5 — 2.3.1 (including the current version, as of 2007-11-19).
This is an issue I have looked into before because I have felt there are more vulnerabilities to be found in this area for WordPress, as passing around MD5 hashes of your password in the cookie is just not a smart idea.
This vulnerability affects a lot of applications and not just WordPress. If an attacker can read your database or stumble across your WP database backup, it is possible for the attacker to gain administrator-level access to your blog without the password.
WordPress should really add salt to the cookie or simply use PHP’s built-in session management to resolve this issue; however, if the attacker has read-only access to your database, it could be debated that the attacker may have read-only access to more.
The full advisory is available here.
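A minimal model of the weakness and of the salting fix suggested above, as an added example that is not code from the original post or from WordPress. It assumes a simplified cookie derivation (MD5 of the stored MD5 password hash); the function names, the `|`-separated cookie layout and all sample values are hypothetical.

```python
import hashlib
import hmac
import time

def stored_hash(password: str) -> str:
    # Assumed model: the database column holds an unsalted MD5 of the password.
    return hashlib.md5(password.encode()).hexdigest()

def legacy_cookie(db_hash: str) -> str:
    # Unsalted scheme: the only input is the database column, so the token
    # is a pure function of data a database reader or a backup already holds.
    return hashlib.md5(db_hash.encode()).hexdigest()

def legacy_verify(cookie: str, db_hash: str) -> bool:
    return hmac.compare_digest(cookie.encode(), legacy_cookie(db_hash).encode())

def salted_cookie(secret: bytes, user: str, db_hash: str, expires: int) -> str:
    # Hardened form: HMAC keyed with a server secret kept outside the
    # database, bound to the user name and an expiry time.
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    msg = f"{user}|{expires}|{db_hash}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{mac}"

def salted_verify(secret: bytes, cookie: str, lookup_hash, now=None) -> bool:
    now = int(time.time()) if now is None else now
    parts = cookie.split("|")
    if len(parts) != 3 or not parts[1].isdecimal():
        return False
    user, expires = parts[0], int(parts[1])
    db_hash = lookup_hash(user)
    if expires < now or db_hash is None:
        return False
    expected = salted_cookie(secret, user, db_hash, expires)
    # Constant-time comparison on bytes (str input must be ASCII-only).
    return hmac.compare_digest(cookie.encode(), expected.encode())

if __name__ == "__main__":
    row = stored_hash("constructed-password")   # constructed sample data
    users = {"admin": row}
    secret = b"constructed-server-secret"       # lives in config, not the DB
    print("legacy token needs only the DB row:",
          legacy_verify(legacy_cookie(row), row))
    wrong_key = salted_cookie(b"not-the-secret", "admin", row, 2000)
    print("salted token without the secret accepted:",
          salted_verify(secret, wrong_key, users.get, now=1000))
```

The salted form only helps if the secret is stored somewhere a database dump does not reach, which is the caveat the paragraph above raises about read access extending beyond the database.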
[...] Blogsecurity.net reports that there are bugs, and unluckily WordPress is affected too, namely the WordPress Cookie Authentication Vulnerability, which allows an attacker to gain admin-level access (without using [...]
The worrying thing is if you read the WP list, they STILL DON'T GET IT
http://comox.textdrive.com/pipermail/wp-hackers/2007-November/thread.html#16183
I’ve given up on WP as a blogging platform. Until they take security more seriously, I don’t feel it’s suitable for use.
[...] Another security bug in WordPress. In the authentication cookie. via: BlogSecurity [...]
Daniel, don’t be so easily irritated (I have been, and I regret it). To say that WP has a security problem to WP lovers is equivalent to blaspheming their god, so that kind of reaction is actually perfectly normal for them.
Instead, full disclosure to as large a portion of WP users as possible is more important, so that more of them can take preventive measures; that’s more beneficial than spending time being upset and doing nothing.