Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1930

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1930
Last Modified 07 Mar 2011 10:08:16
Published 28 Apr 2008 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1930

Summary

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

Vulnerable Systems

Application

  • Wordpress 2.5


References

BID - 28935

CONFIRM - http://wordpress.org/development/2008/04/wordpress-251/

VUPEN - ADV-2008-1372

SECTRACK - 1019923

BUGTRAQ - 20080425 Wordpress 2.5 Cookie Integrity Protection Vulnerability

MISC - http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt

XF - wordpress-cookie-security-bypass(42027)

SECUNIA - 29965


Last Updated: 27 May 2016 10:47:42