CVE-2007-6013 - CVE Reference - Advisories

CVE Reference: CVE-2007-6013

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-6013

Description: Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/38578 ST 1018980 SREASON http://securityreason.com/securityalert/3375 SAID Secunia Advisory: SA27714 Secunia Advisory: SA28310 MISC http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html FEDORA CONFIRM http://trac.wordpress.org/ticket/5367 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483927/100/0/threaded

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

2.	Joomla Community Builder Component File Inclusion

3.	Novell eDirectory Multiple Vulnerabilities

4.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

5.	dotProject SQL Injection and Cross-Site Scripting

6.	Slackware update for amarok

7.	Caudium "configvar" Insecure Temporary Files

8.	phpMyRealty "price_max" SQL Injection Vulnerability

9.	GpsDrive "geo-code" Insecure Temporary Files

10.	Adium MSN SLP Message Integer Overflow Vulnerabilities