• Before you run any sensitive polls, please note that Democracy 2 stores the answer in the cookie:

    setcookie("demVoted_{$this->id}", $answer, time()+$cookie_last, COOKIEPATH);

    Even if the $answer is numeric, it is easy to participate a few times from various computers and map the numbers to real answers. Then one just needs to read these cookies…

    Aren’t these cookies world readable?

    I just substituted “TEXT” instead of $answer. I hope that this doesn’t break anything. I have also reported this to the plugin author’s blog.

    Please correct me if I’m wrong.

Viewing 1 replies (of 1 total)
  • Thread Starter LostInNetwork

    (@lostinnetwork)

    I must add that while cookies are supposedly only sent back to the respective websites, Wikipedia claims that JavaScript can usually access all the cookies and that cookie theft is thus possible (see the end of https://en.wikipedia.org/wiki/HTTP_cookie), especially in blogs, where people can comment and post HTML.

    So, controlling the content of cookies can be a real concern.

    This particular plugin doesn’t use the HttpOnly cookie headers, so it might be vulnerable to cookie theft – unless WordPress takes protective measures against code injection to comments. I do not know WordPress well enough to be sure.

    Other vulnerabilities might exist, too, so I would really prefer to remove all references to answers from the cookies. Note that on a poorly protected shared computer, this could become a problem too.
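The two concerns raised in this thread (the answer stored in the cookie value, and no HttpOnly flag) can be addressed together, as in the following added example, which is not part of the original posts and is not Democracy 2's own code. The function names `dem_mark_voted` and `dem_has_voted` are hypothetical, and the `COOKIEPATH` fallback is an assumption so the file loads outside WordPress.

```php
<?php
// Added illustration; not Democracy 2 code. Function names are hypothetical.

// Fallback so the file also loads outside WordPress, which normally defines this.
if (!defined('COOKIEPATH')) {
    define('COOKIEPATH', '/');
}

/**
 * Record that this browser voted in a poll without storing the answer.
 * The value is a fixed marker, so reading the cookie reveals only that
 * a vote was cast, not which option was chosen.
 */
function dem_mark_voted($poll_id, $cookie_last)
{
    $name = 'demVoted_' . (int) $poll_id;

    // Send the Secure flag only when the request itself arrived over HTTPS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // Arguments 6 and 7 are "secure" and "httponly" (PHP 5.2+). httponly
    // keeps the cookie out of document.cookie, so script injected into a
    // page cannot read it.
    return setcookie($name, '1', time() + (int) $cookie_last, COOKIEPATH, '', $secure, true);
}

/** True if the marker cookie for this poll is present in the request. */
function dem_has_voted($poll_id)
{
    return isset($_COOKIE['demVoted_' . (int) $poll_id]);
}
```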

  • The topic ‘Democracy 2 plugin privacy issue?’ is closed to new replies.