Cryptographic splicing makes for a Wordpress vulnerability
Posted May 8, 2008 8:56 UTC (Thu) by eru
Parent article: Cryptographic splicing makes for a Wordpress vulnerability
This means that the hash for username "foobar" with expiration "20080507" is the same as the hash for username "foo" with expiration "bar20080507".
Doesn't the "secret" that was concatenated at the end affect anything here? I suspect the explanation of the vulnerability misses some detail.
to post comments)