Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5868

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2012-5868
Last Modified 08 Jan 2013 12:00:00
Published 27 Dec 2012 06:47:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-5868

Summary

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.

Vulnerable Systems

Application

  • Wordpress 3.4.2


References

MISC - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout


Last Updated: 27 May 2016 10:42:33