I believe it requires the wp caching be enabled (which is now off by default
if I recall correclt, and frankly it should be ripped out, only ever put
back in by a knowledgable sysadmin!), plus a specific comment-subscription
That said, it's a good read on hash vulnerabilities, and the problems of
multiple 'people' using the same hashes opening up potential security holes.
Thus always add something unique to your hash. ;)
----- Original Message -----
From: "Roy Schestowitz" <r@xxxxxxxxxxxxxxx>
To: "WP-Hackers" <wp-hackers@xxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, June 22, 2006 2:27 PM
Subject: [wp-hackers] Security: Oracle and WordPress
| The following has just cropped up in the Topix Computer Science feed (6
| hours ago). I thought I'd share it, just in case it needs to be addressed.
| Oracle attack on Wordpress
| ,----[ Quote ]
|| This post describes the second of two vulnerabilities I found in
|| Wordpress. The first, a XSS vulnerability, was described last week. While
|| the vulnerability discussed here is applicable in fewer cases than the
|| previous one, it is an example of a comparatively rare class, oracle
|| attacks, so I think merits further exposition.
| wp-hackers mailing list
wp-hackers mailing list