WordPress Cookies Security Bypass Weakness (1.5 - 2.3.1)

Description
  • A weakness has been discovered in WordPress that can be exploited to bypass certain security restrictions. It exists because the two authentication cookies ("wordpressuser_*" and "wordpresspass_*") can be constructed from the data in the "users" table. Successful exploitation allows, for example, logging in as administrator, but requires read access to the "users" table of the database. The weakness is confirmed in version 2.3.1 and reported in all previous versions down to and including 1.5.
Remediation
  • Update to WordPress version 2.5 or the latest version.