[CVE-2007-6013] Authentication cookies easily derivable from password hash
Bug #172440 reported by William Grant
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
WordPress | Fix Released | Unknown | |
wordpress (Debian) | Fix Released | Unknown | |
wordpress (Ubuntu) | Fix Released | Medium | Emanuele Gentili |
Dapper | Won't Fix | Undecided | Unassigned |
Feisty | Won't Fix | Undecided | Unassigned |
Gutsy | Won't Fix | Undecided | Emanuele Gentili |
Bug Description
Binary package hint: wordpress
WordPress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Combined with the prevalence of SQL injection in WordPress, this could be an issue. Otherwise it's fairly unimportant.
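Added example, not part of the original report and not WordPress code: a simplified Python model of the cookie scheme as the description states it, next to one mitigation design in which the cookie is an HMAC keyed with a secret kept outside the database and carries an expiry. All function names, the cookie layout and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

def stored_hash(password: str) -> str:
    """User-table value in the reported scheme: MD5(password)."""
    return hashlib.md5(password.encode()).hexdigest()

def weak_cookie(db_hash: str) -> str:
    """Cookie value in the reported scheme: MD5 of the stored MD5 hash.
    It is a pure function of the database column, so read access to the
    user table is equivalent to holding the cookie."""
    return hashlib.md5(db_hash.encode()).hexdigest()

def weak_verify(cookie: str, db_hash: str) -> bool:
    return hmac.compare_digest(cookie.encode(), weak_cookie(db_hash).encode())

def _mac(user: str, expires: int, server_key: bytes) -> str:
    msg = f"{user}|{expires}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()

def keyed_cookie(user: str, expires: int, server_key: bytes) -> str:
    """Hypothetical hardened layout: user|expiry|HMAC-SHA256(server_key, user|expiry).
    server_key lives in server configuration, never in the database."""
    return f"{user}|{expires}|{_mac(user, expires, server_key)}"

def keyed_verify(cookie: str, server_key: bytes, now: Optional[int] = None) -> bool:
    try:
        user, expires_s, mac = cookie.rsplit("|", 2)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed cookie
    now = int(time.time()) if now is None else now
    good = hmac.compare_digest(mac.encode(), _mac(user, expires, server_key).encode())
    return good and now < expires

if __name__ == "__main__":
    db_hash = stored_hash("constructed-sample-password")  # constructed value
    # Weak scheme: the database column alone reproduces a valid cookie.
    print("weak cookie from DB column verifies:", weak_verify(weak_cookie(db_hash), db_hash))
    # Keyed scheme: a cookie minted from the DB column instead of the key fails.
    key = b"constructed-server-secret-32byte"  # constructed value
    forged = keyed_cookie("admin", 2000, db_hash.encode())
    print("cookie keyed with DB column verifies:", keyed_verify(forged, key, now=1000))
```
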
Changed in wordpress:
importance: Undecided → Medium
status: New → Confirmed
Changed in wordpress:
status: Unknown → New
Changed in wordpress:
status: New → Confirmed
Changed in wordpress:
status: Unknown → New
Changed in wordpress:
status: Confirmed → Fix Released
Changed in wordpress:
assignee: nobody → emgent
Changed in wordpress:
status: New → Fix Committed
Changed in wordpress:
status: Fix Committed → Fix Released
Changed in wordpress:
status: Confirmed → Fix Released
Changed in wordpress:
assignee: nobody → emgent
status: New → Confirmed
diff for gutsy is ready.