WordPress.org

Ready to get started?Download WordPress

Forums

Democracy 2 plugin privacy issue? (2 posts)

  1. LostInNetwork
    Member
    Posted 7 years ago #

    Before you run any sensitive polls, please note that Democracy 2 stores the answer in the cookie:

    setcookie(”demVoted_{$this->id}”, $answer, time()+$cookie_last, COOKIEPATH);

    Even if the $answer is numeric, it is easy to participate a few times from various computers and map the numbers to real answers. Then one just needs to read these cookies...

    Aren't these cookies world readable?

    I just substituted "TEXT" instead of $answer. I hope that this doesn't break anything. I have also reported this to the plugin authors blog.

    Please correct me, if I'm wrong.

  2. LostInNetwork
    Member
    Posted 7 years ago #

    I must add that while cookies are supposedly only sent back to the respective websites, Wikipedia claims that Javascript can usually access all the cookies and that cookie theft is thus possible (see the end of http://en.wikipedia.org/wiki/HTTP_cookie ) especially in blogs, where people can comment and post html.

    So, controlling the content of cookies can be a real concern.

    This particular plugin doesn't use the HttpOnly cookie headers, so it might be vulnerable to cookie theft - unless WordPress takes protective measures against code injection to comments. I do not know WordPress well enough to be sure.

    Other vulnerabilities might exist, too, so I would really prefer to remove all references to answers from the cookies. Note, that on a poorly protected shared computer, this could become a problem too.

Topic Closed

This topic has been closed to new replies.

About this Topic