Comments on: WordPress 2.5 Cookie Forging Explained

By: Crossing Arbogast

Crossing Arbogast — Thu, 09 Jul 2009 06:17:52 +0000

Thanks for this Nice post, Really usefull all of us. just bookmarked this post in my digg profile, hope you will update more post soon.
I really liked your blog!

Regards,
Shaza

By: WordPress 2 5 Cookie Forging Explained | Cellulite Creams

WordPress 2 5 Cookie Forging Explained | Cellulite Creams — Tue, 09 Jun 2009 02:36:19 +0000

[...] WordPress 2 5 Cookie Forging Explained Posted by root 7 minutes ago (http://www.veracode.com) Chris eng senior director of security research middot chris wysopal co founder and chief wordpress 2 5 1 came out recently it includes a critical security fix for a cookie comment by paul web design ireland may 5 2008 4 47 pm mail will not be published re Discuss | Bury | News | WordPress 2 5 Cookie Forging Explained [...]

By: Chris Eng

Chris Eng — Thu, 08 May 2008 21:20:26 +0000

@devnull: You’re missing the point. I don’t have to feed all the parameters into the HMAC function. It doesn’t matter if I know SECRET_KEY or not because at no point am I (as an attacker) required to provide the key. The point is that the HMAC function will calculate the same value for [username=admin, expiry=01209331305] as it will for [username=admin0, expiry=1209331305]. I can use WordPress to do that calculation for me — legitimately — and then re-use that value.

This is sometimes referred to as an oracle attack. We use the application against itself by asking it to perform a useful cryptographic operation for us — in this case, calculating an HMAC for one user that we can then use to impersonate another user. We don’t care what the key is because we have a valid HMAC and that’s all that matters.

By: devnull

devnull — Wed, 07 May 2008 09:36:33 +0000

I did some backtracking and I must be missing something or I have misunderstood something because this all seems imposible without knowing SECRET_KEY and SECRET_KEY constants if those aren’t defined a random string is generated.
$key = wp_hash($user->user_login . $expiration); great however
function wp_hash($data) { $salt = wp_salt();
lets have a look at wp_salt();

function wp_salt() {
global $wp_default_secret_key;
$secret_key = ”;
if ( defined(’SECRET_KEY’) && (” != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
$secret_key = SECRET_KEY;

if ( defined(’SECRET_SALT’) ) {
$salt = SECRET_SALT;
} else {
$salt = get_option(’secret’);
if ( empty($salt) ) {
$salt = wp_generate_password();
update_option(’secret’, $salt);
}
}

return apply_filters(’salt’, $secret_key . $salt);
}

So without knowing those constants how can you feed function hash_hmac($algo, $data, $key, $raw_output = false) the param $key?

By: (1+2)+(1+4)+(1+6)=multe paranteze si cifre » WordPress 2.5.1 is available! Please update now.

Tue, 06 May 2008 14:07:24 +0000

[...] un articol stufos despre cum stă [...]

By: Paul @ Web Design Ireland

Paul @ Web Design Ireland — Mon, 05 May 2008 21:47:53 +0000

Thanks for explaining this. Im a great believer that security disclosure helps make us better developers.

By: Chris Eng

Chris Eng — Mon, 05 May 2008 17:47:53 +0000

@Amana: Replace each occurrence of %7C in your cookie with the ‘|’ (pipe) character and you will see that yours does look similar to what I’ve described. Your expiration timestamp is 1211057307 and the result of the HMAC is 6e0e9bec639167e4b2cfde09892e9d08.

By: Amana

Amana — Sat, 03 May 2008 21:00:43 +0000

Hello. MY wp is also 2.5, but cookie looks like :
wordpress_ba52b2fd4ea180a4841306bc0ad6d3b2
admin%7C1211057307%7C6e0e9bec639167e4b2cfde09892e9d08
http://www.forgedeuphoria.com/blog/
1536
1528536960
29931615
160032496
29928799
*
Why it is different to
admin0|1209331305|HMAC_FUNCTION(“admin0|1209331305″) ???