LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

The current development kernel is...linux-next?

Notes on the Viacom ruling

LWN.net Weekly Edition for July 3, 2008

More DTrace envy

LWN.net Weekly Edition for June 26, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Wordpress Cookie Authentication Vulnerability

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 3:39 UTC (Tue) by lutchann (subscriber, #8872)
In reply to: Wordpress Cookie Authentication Vulnerability by lutchann
Parent article: Wordpress Cookie Authentication Vulnerability 

And by "new user" I mean "new administrator".  In other words, how does having administrator
access to the web site give you more power than the SQL injection vulnerability itself?

(Log in to post comments)

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 3:53 UTC (Tue) by drag (subscriber, #31333) [Link] 

I donno. Good point.

I just figured being able to display a table requires less rights then being able to modify it
and since it's needed by the authentication stuff then it would be accessable to parts of the
website accessable by anonymous people.

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 6:09 UTC (Tue) by Ross (subscriber, #4065) [Link] 

For one thing, this type of problem would allow access to continue long after the broken code
is fixed, without the user knowing about it.  Also, because of the way the password is stored,
it would easy allow offline cracking of passwords, and users tend to reuse the same password
on different sites.

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 6:41 UTC (Tue) by lutchann (subscriber, #8872) [Link] 

That's true of pretty much any authentication system, except those based on asymmetric
cryptography.  Wordpress is far from unusual in storing password equivalents on disk.  So
unless Wordpress somehow encouraged making the user table accessible to attackers, I still
don't see why this is a big deal.

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 9:15 UTC (Tue) by Ross (subscriber, #4065) [Link] 

It's true that any encrypted password can be attacked offline if you have the hash, but if the
passwords were properly salted, it would be much more expensive to crack them because an
attacker couldn't build a pre-encrypted dictionary.

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 16:10 UTC (Tue) by drag (subscriber, #31333) [Link] 

Ya..

Google around for 'Rainbow tables'. There are ones you can download for free and ones you can
pay for. 

Just going out to pirate bay and doing a quick search I found downloads for MD5, SHA1, and NT
Lan manager tables.

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 18:21 UTC (Tue) by Los__D (subscriber, #15263) [Link] 

The main purpose of salts is to combat things like rainbow tables.

Wordpress Cookie Authentication Vulnerability

Posted Nov 20, 2007 19:12 UTC (Tue) by jengelh (subscriber, #33263) [Link] 

The main purpose of rainbow tables is to combat unsalted web apps ;-)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.