Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-6013
Last Modified: 09 Mar 2011 12:00:00
Published: 19 Nov 2007 04:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6013

Summary

WordPress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of the password's MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Vulnerable Systems

Application

  • Wordpress 1.5

  • Wordpress 1.5-strayhorn

  • Wordpress 1.5.1

  • Wordpress 1.5.1.1

  • Wordpress 1.5.1.2

  • Wordpress 1.5.1.3

  • Wordpress 1.5.2

  • Wordpress 2.0

  • Wordpress 2.0.1

  • Wordpress 2.0.10

  • Wordpress 2.0.11

  • Wordpress 2.0.4

  • Wordpress 2.0.5

  • Wordpress 2.0.6

  • Wordpress 2.0.7

  • Wordpress 2.0.8

  • Wordpress 2.0.9

  • Wordpress 2.1

  • Wordpress 2.1.1

  • Wordpress 2.1.2

  • Wordpress 2.1.3

  • Wordpress 2.2

  • Wordpress 2.2.1

  • Wordpress 2.2.2

  • Wordpress 2.2.3

  • Wordpress 2.3

  • Wordpress 2.3.1


References

FEDORA - FEDORA-2008-0126

FEDORA - FEDORA-2008-0103

XF - wordpress-password-weak-security(38578)

VUPEN - ADV-2007-3941

SECTRACK - 1018980

BUGTRAQ - 20071119 Wordpress Cookie Authentication Vulnerability

MISC - http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt

CONFIRM - http://trac.wordpress.org/ticket/5367

SREASON - 3375

SECUNIA - 28310

SECUNIA - 27714

OSVDB - 40801


Last Updated: 27 May 2016 10:46:21