CVE - CVE-2007-6013

CVE-ID
CVE-2007-6013	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20071119 Wordpress Cookie Authentication Vulnerability URL:http://www.securityfocus.com/archive/1/483927/100/0/threaded CONFIRM:http://trac.wordpress.org/ticket/5367 FEDORA:FEDORA-2008-0103 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html FEDORA:FEDORA-2008-0126 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html FULLDISC:20071119 Wordpress Cookie Authentication Vulnerability URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html MISC:http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt OSVDB:40801 URL:http://osvdb.org/40801 SECTRACK:1018980 URL:http://www.securitytracker.com/id?1018980 SECUNIA:27714 URL:http://secunia.com/advisories/27714 SECUNIA:28310 URL:http://secunia.com/advisories/28310 SREASON:3375 URL:http://securityreason.com/securityalert/3375 VUPEN:ADV-2007-3941 URL:http://www.vupen.com/english/advisories/2007/3941 XF:wordpress-password-weak-security(38578) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38578
Assigning CNA
MITRE Corporation
Date Record Created
20071119	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)