![]() $auth_cookie = wp_generate_auth_cookie( $user_id, $expiration, $scheme, $token ) $token = $manager->create( $expiration ) $manager = WP_Session_Tokens::get_instance( $user_id ) $logged_in_cookie = wp_generate_auth_cookie($user_id, $expiration, 'logged_in') I tried the POC and found that the version 3.9 auth cookies generated were in a shorter format than those required for 4.7.2.Ĭomparison of the WordPress source code reveals an additional $token parameter that is used to when generating $auth_cookie.ģ.9 $auth_cookie = wp_generate_auth_cookie($user_id, $expiration, $scheme) ![]() I'm wondering if the brute force attack described in the article is possible in newer versions. The article however applies to WordPress 3.9. ![]() The pertinent host dependent inputs required for the brute-force process are a valid WordPress user ID, server name and the server AUTH secrets from wp-config.php. Having read Mike Czumak's article on generating WordPress cookie, I understand on a high level how the generation of WP auth session cookies may work: I recently came across a WordPress (v 4.7.2) site with an exposed wp-config.php file, within which plain text server authorisation key secrets were accessible.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |