|
|
CVE Reference: CVE-2007-6013 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-6013 |
|
|
Description: Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/38578 ST 1018980 SREASON http://securityreason.com/securityalert/3375 SAID Secunia Advisory: SA27714 Secunia Advisory: SA28310 OSVDB 40801 MISC http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html FEDORA CONFIRM http://trac.wordpress.org/ticket/5367 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483927/100/0/threaded |
|
| Return to the previous page. |
