WordPress 2.5 SECRET_KEY and SALT Cracking Vulnerability

SECRET_KEY is a new addition to WordPress security, introduced in WordPress 2.5. SECRET_KEY is used to secure WordPress cookies. But an attacker can use this key to break into the WordPress system. A recently found vulnerability, discovered by xiam and published on Security Focus, shows that an attacker can get into the system through this technique.

WordPress 2.5 SECRET_KEY

The new WordPress 2.5 has introduced a security feature for WordPress cookies called SECRET_KEY. It will make cookies secure against attacks where someone has hacked into your database via an SQL injection exploit. SECRET_KEY is defined in the wp-config-sample.php file like this:

// Change SECRET_KEY to a unique phrase. You won’t have to remember it later,
// so make it long and complicated. You can visit http://api.wordpress.org/secret-key/1.0/
// to get a secret key generated for you, or just make something up.
define('SECRET_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
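
An added example, not from the original post or from WordPress: a static check that reads the text of a wp-config.php without executing it and reports whether SECRET_KEY is missing, still the sample placeholder, or short. The function names, the constructed sample and the 32-character threshold are assumptions of this example.

```python
import re

# Placeholder phrase from wp-config-sample.php, as quoted above.
PLACEHOLDER = "put your unique phrase here"
MIN_LENGTH = 32  # assumption for this example, not a WordPress requirement

# define('SECRET_KEY', '...') with either quote style; group 3 is the value.
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])SECRET_KEY\1\s*,\s*(['"])((?:\\.|(?!\2).)*)\2\s*\)""",
    re.DOTALL,
)

def strip_php_comments(src):
    """Drop //, # and /* */ comments; quoted strings are copied untouched."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":  # quoted string: copy through the closing quote
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):  # block comment
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif ch == "#" or src.startswith("//", i):  # line comment
            end = src.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def audit_secret_key(config_text):
    """Classify a wp-config.php body: 'missing', 'placeholder', 'short' or 'ok'."""
    m = DEFINE_RE.search(strip_php_comments(config_text))
    if m is None:
        return "missing"  # absent, or present only inside a comment
    value = m.group(3)
    if value.strip().lower() == PLACEHOLDER:
        return "placeholder"
    return "short" if len(value) < MIN_LENGTH else "ok"

# Constructed sample: the unedited line from wp-config-sample.php.
SAMPLE = "<?php\ndefine('SECRET_KEY', 'put your unique phrase here'); // Change this\n"

if __name__ == "__main__":
    print(audit_secret_key(SAMPLE))
```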
