Description

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Remediation

References

CVE-2007-6013

Related Vulnerabilities

ownCloud Other Vulnerability (CVE-2014-2055)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.68)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (4.0.2)

WordPress Plugin Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25644)

Severity

Medium

Classification

CVE-2007-6013 CWE-287

Tags

Missing Update Known Vulnerabilities