CVE-2007-6013 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-6013
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-6013

Description: Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/38578 ST 1018980 SREASON http://securityreason.com/securityalert/3375 SAID Secunia Advisory: SA27714 Secunia Advisory: SA28310 MISC http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html FEDORA CONFIRM http://trac.wordpress.org/ticket/5367 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/483927/100/0/threaded

Return to the previous page.