Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#54988 closed defect (bug) (duplicate)

Password Protected Page access sequrity issue

Reported by: ravipatel's profile ravipatel Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Posts, Post Types Keywords:
Focuses: Cc:

Description

Follow this steps:

1) Create page 1 and set pass: 111
2) Create page 2 and set same pass : 111

Task: I have set same password for multiple pages.

Now you can access any single page and page content show both pages.

Ideally need to password submit and show specific page only.

Change History (3)

#1 @tobifjellner
2 years ago

  • Focuses administration coding-standards removed
  • Resolution set to invalid
  • Status changed from new to closed

This is not an error, but the way this rather simple function was designed:
When a visitor enters a password for a password-protected page, that password is stored (in clear text) as a cookie in the visitor's browser.
So if you use the same password on several pages, then a visitor will have to enter this password only once.

So I'll take the freedom to close this ticket.

#2 @SergeyBiryukov
2 years ago

  • Component changed from General to Posts, Post Types
  • Resolution changed from invalid to duplicate

Hi there, welcome back to WordPress Trac!

Thanks for the report, we're already tracking this issue in #16483.

#3 @SergeyBiryukov
2 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.