Description

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

Remediation

References

CVE-2008-1930

Related Vulnerabilities

Jenkins Cryptographic Issues Vulnerability (CVE-2014-2061)

Claroline Other Vulnerability (CVE-2006-1595)

WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter SQL Injection (2.6.7.6)

WordPress Plugin iubenda-All-in-one Compliance for GDPR/CCPA Cookie Consent + more Privilege Escalation (3.3.2)

MySQL CVE-2022-21317 Vulnerability (CVE-2022-21317)

Severity

High

Classification

CVE-2008-1930 CWE-287

Tags

Missing Update Known Vulnerabilities