Showing Articles About
wordpress
-
Jon Cave - 11 Apr 2014
WordPress auth cookie forgery
A vulnerability in WordPress's authentication cookie validation allows potential cookie forgery through PHP type juggling. The flaw enables attackers to bypass authentication by exploiting non-strict comparison methods in the cookie verification code. Two attack vectors were identified: MAC verification bypass and potential timing attacks to determine expected MAC values.