Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-11-19 13:46
Updated : 2018-10-15 14:48
NVD link : CVE-2007-6013
Mitre link : CVE-2007-6013
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
wordpress
- wordpress