Saturday, August 2, 2025
  • Hype
  • Murai
  • Lipstiq
  • Miss Murai
  • Varnam
  • Moviedash
  • Autofreaks
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
No Result
View All Result
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
No Result
View All Result
Lowyat.NET
No Result
View All Result
Home News Internet

Wordpress Accounts Vulnerable To Hijacked Cookies

by Farhan
May 27, 2014
Share on FacebookShare on Twitter

wordpress_postblog-e1400805350246

Anyone who logs into their Wordpress account from public WiFi should take note that the user authentication cookies used for logging in are not encrypted and are easily hijacked by anyone looking to steal information. More importantly, this method of hijacking cookies manages to circumvent two-stage authentication.

A technologist at the Electronic Frontier Foundation, Yan Zhu, noticed the ‘wordpress_logged_in’ cookie being sent over regular HTTP while looking for a bug report. She then grabbed the cookie to examine it and discovered that Wordpress does not encrypt cookies as required for good security practices. The cookie can then be copied and pasted to any other browser to gain access to the victim’s Wordpress account.

Fortunately the security flaw does not allow hijackers to change passwords; as that information is stored within a different – and more secure – cookie. It, however, does allow others to read private messages, post new blog entries, view blog stats, and comment on other posts as the original user.

The Wordpress cookie does not even expire after the user logs out, instead lasting for what Zhu notes is three years. Although, she admits that she has no idea how long it takes for the cookie to expire on the server side.

Wordpress admits that it is aware of the issue, and will fix it with the next release. Until then, users should be extra careful to avoid logging in over public WiFi. Although, it has been pointed out that the issue does not affect Wordpress sites using HTTPS.

[Source: Discrete Blogarithm]

Filed Under CookieHackhijackHTTPSsecurityWordpress
Updated 12:33 pm, Tue, 27 May 14
https://lowy.at/en94j
Share1Tweet1SendShare

Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news. 

No Result
View All Result

TRENDING THIS WEEK

  1. 1
    Action Cameras

    AKASO 360 Lands In Malaysia; Starts From RM899

  2. 2
    News

    Intel To Consolidate Chip Assembly And Test Operations In Malaysia

  3. 3
    How-To's

    RM100 SARA: How To Redeem, And Everything Else You Need To Know

  4. 4
    Hardware

    Hypershell Exoskeleton Now Available In Malaysia From RM4,999

  5. 5
    Random As It Gets

    Someone Patented This Controller Design

NETWORK

  • Hype
  • Murai
  • Lipstiq
  • Miss Murai
  • Varnam
  • Moviedash
  • Autofreaks

ABOUT

  • Advertise
  • Careers
  • Privacy Statement
  • Contact Us
  • Editorial Policy
  • Terms & Conditions

©2025 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zone
    • Viewnet
    • Sri Computers
    • Startec
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables

©2025 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zone
    • Viewnet
    • Sri Computers
    • Startec
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables

©2025 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.