Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 6:41 UTC (Tue) by lutchann (subscriber, #8872) In reply to: Wordpress Cookie Authentication Vulnerability by Ross
Parent article: Wordpress Cookie Authentication Vulnerability
That's true of pretty much any authentication system, except those based on asymmetric cryptography. Wordpress is far from unusual in storing password equivalents on disk. So unless Wordpress somehow encouraged making the user table accessible to attackers, I still don't see why this is a big deal.
Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 9:15 UTC (Tue) by Ross (guest, #4065) [Link] (3 responses)

It's true that any encrypted password can be attacked offline if you have the hash, but if the passwords were properly salted, it would be much more expensive to crack them because an attacker couldn't build a pre-encrypted dictionary.

Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 16:10 UTC (Tue) by drag (guest, #31333) [Link] (2 responses)

Ya..
Google around for 'Rainbow tables'. There are ones you can download for free and ones you can pay for.
Just going out to Pirate Bay and doing a quick search I found downloads for MD5, SHA1, and NT LAN Manager tables.

Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 18:21 UTC (Tue) by Los__D (guest, #15263) [Link] (1 response)

The main purpose of salts is to combat things like rainbow tables.

Wordpress Cookie Authentication Vulnerability
Posted Nov 20, 2007 19:12 UTC (Tue) by jengelh (guest, #33263) [Link]
      
The main purpose of rainbow tables is to combat unsalted web apps ;-)
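To make the thread's point about pre-encrypted dictionaries concrete, here is an added Python example (not code from the thread or from WordPress) that assumes a constructed five-word list standing in for a downloaded table and uses MD5, as the thread mentions: an unsalted digest is reversed by a single table lookup, while a per-user random salt leaves the same table with nothing to match.

```python
import hashlib
import os

# Constructed mini wordlist: stands in for a downloaded dictionary or rainbow table.
WORDLIST = ["password", "letmein", "wordpress", "hunter2", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Unsalted MD5: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Salt-prefixed MD5: the digest depends on a per-user random salt as well as the password."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def build_precomputed_table(words) -> dict:
    """Hash the wordlist once into digest -> password; this is the reusable 'pre-encrypted dictionary'."""
    return {unsalted_hash(w): w for w in words}


def lookup(table: dict, stored_digest: str):
    """Reverse a stored digest by table lookup; returns the password or None."""
    return table.get(stored_digest)


def demo():
    table = build_precomputed_table(WORDLIST)
    # Unsalted storage: one lookup recovers the password, no hashing at attack time.
    recovered = lookup(table, unsalted_hash("letmein"))
    # Salted storage: the same password under a random 8-byte salt is absent from
    # the table; the whole wordlist would have to be rehashed for every salt.
    salt = os.urandom(8)
    salted_stored = salted_hash("letmein", salt)
    not_recovered = lookup(table, salted_stored)
    # Two users with the same password get different digests, so the stored
    # values do not even reveal that the passwords match.
    distinct = salted_hash("letmein", os.urandom(8)) != salted_stored
    return recovered, not_recovered, distinct
```

MD5 is used here only to mirror the thread; a current password store would combine the per-user salt with a deliberately slow hash such as bcrypt or Argon2 so that per-salt recomputation is expensive as well.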