Saturday, August 23, 2025
  • Hype
  • Murai
  • Lipstiq
  • Miss Murai
  • Varnam
  • Moviedash
  • Autofreaks
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
No Result
View All Result
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
No Result
View All Result
Lowyat.NET
No Result
View All Result
Home News Internet

Wordpress Accounts Vulnerable To Hijacked Cookies

by Farhan
May 27, 2014
Share on FacebookShare on Twitter

wordpress_postblog-e1400805350246

Anyone who logs into their Wordpress account from public WiFi should take note that the user authentication cookies used for logging in are not encrypted and are easily hijacked by anyone looking to steal information. More importantly, this method of hijacking cookies manages to circumvent two-stage authentication.

A technologist at the Electronic Frontier Foundation, Yan Zhu, noticed the ‘wordpress_logged_in’ cookie being sent over regular HTTP while looking for a bug report. She then grabbed the cookie to examine it and discovered that Wordpress does not encrypt cookies as required for good security practices. The cookie can then be copied and pasted to any other browser to gain access to the victim’s Wordpress account.

Fortunately the security flaw does not allow hijackers to change passwords; as that information is stored within a different – and more secure – cookie. It, however, does allow others to read private messages, post new blog entries, view blog stats, and comment on other posts as the original user.

The Wordpress cookie does not even expire after the user logs out, instead lasting for what Zhu notes is three years. Although, she admits that she has no idea how long it takes for the cookie to expire on the server side.

Wordpress admits that it is aware of the issue, and will fix it with the next release. Until then, users should be extra careful to avoid logging in over public WiFi. Although, it has been pointed out that the issue does not affect Wordpress sites using HTTPS.

[Source: Discrete Blogarithm]

Filed Under CookieHackhijackHTTPSsecurityWordpress
Updated 12:33 pm, Tue, 27 May 14
https://lowy.at/en94j
Share1Tweet1SendShare

Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news. 

No Result
View All Result

TRENDING THIS WEEK

  1. 1
    News

    MOF: MyKad, E-Wallets, Fuel Apps Considered For RON95 Subsidy Delivery

  2. 2
    Storage

    Seagate, KPDN Take Down Counterfeiting Hard Drive Workshop Outside Kuala Lumpur

  3. 3
    Banking

    HSBC Launches New Premier Card Travel Benefits To Entice New Customers

  4. 4
    Mobile Phones

    Google Pixel 10 Official In Malaysia From RM3,999

  5. 5
    Apps

    First Look At The MyGOV Malaysia Super App Beta

NETWORK

  • Hype
  • Murai
  • Lipstiq
  • Miss Murai
  • Varnam
  • Moviedash
  • Autofreaks

ABOUT

  • Advertise
  • Careers
  • Privacy Statement
  • Contact Us
  • Editorial Policy
  • Terms & Conditions

©2025 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zone
    • Viewnet
    • Sri Computers
    • Startec
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables

©2025 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zone
    • Viewnet
    • Sri Computers
    • Startec
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables

©2025 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.