Cookies open WordPress accounts to easy hijacking

Ian Paul | May 28, 2014
If you're a WordPress.com user, you'll want to be extra cautious the next time you're tempted to whip up a blog post from your local coffee shop. If anyone on the same open connection is using a network sniffing tool like Firesheep, your WordPress.com account could be easily hacked.

Although Zhu discovered the problem on WordPress.com, it also affects self-hosted WordPress blogs that use the open source version of the software. On self-hosted versions, however, the login confirmation cookie expires after two weeks rather than three years. Self-hosted sites using HTTPS encryption should be safe.

WordPress.org developer Andrew Nacin told Zhu via Twitter that this vulnerability will be fixed for self-hosted blogs in the next WordPress release. But it's not clear when Automattic might release a fix for WordPress.com. We've dropped the company a line to find out and will update this story should Automattic respond.

 
