voodooKobra

Logic 101

Feb 16th, 2015
If anyone with RNG breaking experience (cough solar designer cough) can PoC
it, without the patch I've provided you should be able to trivially predict
the password reset token for admin users and take over any WordPress site
completely.

Let's translate this statement.

IF
anyone smarter than me (e.g. solardiz) can write a Proof of Concept code for the WP RNG
THEN
you should be able to trivially predict the password reset token for admin users and take over any WordPress site completely
UNLESS
you patch the RNG to use a true CSPRNG (/dev/urandom for instance)

Slicing the conditional statement here is intellectually dishonest.

@voodooKobra