NotSoSecure became slighlty more secure with the new Wordpress update.
This update is highly recommended if your wordpress allows user registration.
Its amazing how many vulnerabilities have been identified in wordpress over the years and i wonder how many are yet to come.
I wonder how many web sites will get effected because of this issue. Stefan Esser has a great write up here and the wordpress exploit here.
the following may help you understand this issue better:-
mysql> create table users (username varchar(10), password varchar(20));
Query OK, 0 rows affected (0.12 sec)
mysql> insert into users values('admin','Passw0rd');
Query OK, 1 row affected (0.02 sec)
mysql> select * from users where username ='admin';
+———-+———-+
| username | password |
+———-+———-+
| admin | Passw0rd |
+———-+———-+
1 row in set (0.01 sec)
mysql> insert into users values('admin a','Passw0rd');
Query OK, 1 row affected, 1 warning (0.00 sec)
mysql> select * from users where username ='admin';
+————+———-+
| username | password |
+————+———-+
| admin | Passw0rd |
| admin | Passw0rd |
+————+———-+
2 rows in set (0.00 sec)
