WordPress 2.5 salt cracking vulnerability

I discovered a medium severity vulnerability in the way WordPress 2.5 handles user authentication. This is not a universally exploitable bug, so I think it would be no problem to apply full disclosure this time. An advisory is available and a copy was sent to SecurityFocus' Bugtraq. A temporary solution is provided within the advisory.

Related topics

Tags: hacking, web, buzzword, english, development

About the author

xiam

José Carlos Nieto is a nerd who pretends to be a mathematics student at UNAM; he works with his friends doing fun things at Astrata.

Comments

jaircazarin (guest comment), Tuesday April 15, 2008 @ 13:23

Although I'm not a fellow user of WordPress, I think you did great work discovering this bug, keep doing it. However, just a little recommendation: your proof of concept isn't a linear algorithm but a brute force algorithm. Probably it would be better if you talk about the complexity of your algorithm using Big O notation instead of time in seconds/hours/days or whatever, because not all people have the same computing power, so we have to use some notation independent of how much RAM or memory your computer has. Also it's important because you can take into account best, worst and average cases.

Regards.

0x90 (guest comment), Tuesday April 15, 2008 @ 18:34

Very good work

I stopped by here…

Regards

g30rg3_x (guest comment), Wednesday April 16, 2008 @ 11:31

Hello,

First, thanks for the credit; it really wasn't necessary.

Second, I warned you that they wouldn't answer you (quickly) that way; you should have used the expedited one in that case xD.

Regards

xiam, Monday April 21, 2008 @ 19:32

@jaircazarin, thanks! You're right, I should use another method to specify the algorithm's speed. I confess that I don't know how to use big O notation yet, but I'm looking at the wiki page right now. Thanks for being such a good host last Wednesday too :-).
