Description
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
Remediation
References
Related Vulnerabilities
WordPress Plugin Featured Video Plus Unspecified Vulnerability (2.2.3)
WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (18.3)
Undertow Unchecked Return Value Vulnerability (CVE-2022-1319)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1579)