Security Issue | Sensitive Data in Cookie

  • Hi All,

    “Observation:
    The user session cookies contain the users. E.g.,
    Affected Cookies:
    wordpress_logged_in_936b0cc5b677ccc70d37c364caf3a9b7
    wordpress_sec_936b0cc5b677ccc70d37c364caf3a9b7

    Impact:
    Users can leverage client side cookies to gain access.

    Is it possible to remove the user name from cookie?

    Thanks,
    Niranjan Kumar

Viewing 2 replies - 1 through 2 (of 2 total)
  • Mark (podz)

    @podz

    Support Maven

    “Impact:
    Users can leverage client side cookies to gain access.”

    Where – very precisely – is this stated?

    Using any third-party tool that is used to intercept the cookie, or a cookie manager add-on, we can see the cookies and update them, as they contain the user name logged in to the system. If we have logged in with user ‘nkumar’, then the cookie contains:
    Name: wporg_logged_in
    Content: nkumar%7C1334034732%7C52a00bb52cd0b2098de3d3a54de3ccfd
    Domain: .wordpress.or

  • The topic ‘Security Issue | Sensitive Data in Cookie’ is closed to new replies.
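
The cookie quoted in the thread has the layout `username|expiration|hash` (URL-encoded). The sketch below is an added example, not code from the thread or from WordPress itself. It models a server-side check for that layout, in which the third field is a keyed HMAC over the first two, so an edited username or expiry no longer matches. The salt, the password fragments, the function names and the exact key derivation are assumptions made for the demonstration.

```python
import hashlib
import hmac
from urllib.parse import quote, unquote

# Constructed values for the demonstration, not taken from any real site.
SITE_SALT = b"constructed-logged-in-salt"
# Assumption: a short fragment of each user's stored password hash is mixed
# into the key, so a password change invalidates cookies issued earlier.
PASS_FRAGS = {"nkumar": "aB3x", "admin": "Zq9k"}


def _mac(username: str, expiration: int) -> str:
    """HMAC-MD5 over 'username|expiration' with a per-user, per-expiry key."""
    frag = PASS_FRAGS[username]
    key = hmac.new(SITE_SALT, f"{username}{frag}|{expiration}".encode(),
                   hashlib.md5).hexdigest()
    return hmac.new(key.encode(), f"{username}|{expiration}".encode(),
                    hashlib.md5).hexdigest()


def issue_cookie(username: str, expiration: int) -> str:
    """Build the URL-encoded cookie value 'username|expiration|mac'."""
    return quote(f"{username}|{expiration}|{_mac(username, expiration)}", safe="")


def validate_cookie(value: str, now: int):
    """Return the authenticated username, or None if the cookie is rejected."""
    parts = unquote(value).split("|")
    if len(parts) != 3:
        return None
    username, expiration, presented = parts
    if not (expiration.isascii() and expiration.isdigit()):
        return None
    if int(expiration) < now or username not in PASS_FRAGS:
        return None
    expected = _mac(username, int(expiration))
    # Constant-time comparison so the check does not leak how many bytes match.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return None
    return username


if __name__ == "__main__":
    cookie = issue_cookie("nkumar", 1334034732)
    print(cookie)
    print(validate_cookie(cookie, now=1334000000))
    # Editing only the visible username leaves a MAC computed for 'nkumar'.
    print(validate_cookie(cookie.replace("nkumar", "admin", 1), now=1334000000))
```

Under this model the username in the cookie is an identifier, not a credential: the value that authenticates the session is the MAC, which cannot be recomputed without the server-side salt.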