User: Password:
|
|
Subscribe / Log in / New account

Cryptographic splicing makes for a Wordpress vulnerability

Cryptographic splicing makes for a Wordpress vulnerability

Posted May 16, 2008 13:37 UTC (Fri) by jake (editor, #205)
In reply to: Cryptographic splicing makes for a Wordpress vulnerability by robbe
Parent article: Cryptographic splicing makes for a Wordpress vulnerability

> IMO not validating the expiration date format is one of the main 
> errors here. Or does WP strive to be Y10K compliant??

In the article, I was trying to steer clear of providing complete, exploitable details while
still giving more details than the advisory.  I believe the expiration is actually the number
of seconds since the epoch, which may be easier to exploit and still validate as a reasonable
expiration.

jake


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds