WordPress.org

Security Issue | Sensitive Data in Cookie (3 posts)

  1. nkumar4
    Member
    Posted 2 years ago #

    Hi All,

    "Observation:
    The user session cookies contain the users, e.g.,
    Affected Cookies:
    wordpress_logged_in_936b0cc5b677ccc70d37c364caf3a9b7
    wordpress_sec_936b0cc5b677ccc70d37c364caf3a9b7

    Impact:
    Users can leverage client side cookies to gain access.

    Is it possible to remove the user name from cookie?

    Thanks,
    Niranjan Kumar

  2. Mark (podz)
    Support Maven
    Posted 2 years ago #

    "Impact:
    Users can leverage client side cookies to gain access. "

    Where - very precisely - is this stated?

  3. nkumar4
    Member
    Posted 2 years ago #

    Using any third-party tool that is used to intercept the cookie, or a cookie manager add-on, we can see the cookies and update them, as they contain the user name logged in to the system. If we have logged in with user 'nkumar' then the cookie contains:
    Name: wporg_logged_in
    Content: nkumar%7C1334034732%7C52a00bb52cd0b2098de3d3a54de3ccfd
    Domain: .wordpress.or

This topic has been closed to new replies.
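
Added example, not part of the original thread and not WordPress's own code: the cookie quoted in the last post has three `%7C`-separated fields (user name, a numeric timestamp, a 32-hex-digit value). The sketch below assumes the third field is a keyed hash computed by the server over the first two, and shows how a server validating such a cookie treats a value whose visible fields were edited in the browser. `SERVER_KEY`, `issue_cookie` and `validate_cookie` are hypothetical names, and the HMAC-SHA-256 construction is an assumption, so the hash here is longer than the one in the post.

```python
import hashlib
import hmac
from urllib.parse import quote, unquote

# Hypothetical server-side secret (constructed value); it never leaves the server.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(username: str, expiry: int) -> str:
    """Keyed hash over the two fields the client can read (assumed construction)."""
    msg = f"{username}|{expiry}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(username: str, expiry: int) -> str:
    """Build the URL-encoded 'user|expiry|mac' value; '|' is sent as %7C."""
    return quote(f"{username}|{expiry}|{_mac(username, expiry)}", safe="")


def validate_cookie(value: str, now: int):
    """Return the authenticated user name, or None when the cookie is rejected."""
    # Split from the right so a '|' inside the user name cannot shift the fields.
    parts = unquote(value).rsplit("|", 2)
    if len(parts) != 3:
        return None
    username, expiry_s, mac = parts
    if not (expiry_s.isascii() and expiry_s.isdigit()):
        return None  # malformed timestamp
    expiry = int(expiry_s)
    if expiry < now:
        return None  # expired
    expected = _mac(username, expiry)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), mac.encode("utf-8", "replace")):
        return None  # a visible field or the hash was altered
    return username
```

Under this assumption the user name in the cookie is readable but not trusted by itself: a value whose name or expiry was changed without the server key fails the comparison and is treated as logged out.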