Vulnerability Details CVE-2007-6013
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html
- http://osvdb.org/40801
- http://secunia.com/advisories/27714
- http://secunia.com/advisories/28310
- http://securityreason.com/securityalert/3375
- http://trac.wordpress.org/ticket/5367
- http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt
- http://www.securityfocus.com/archive/1/483927/100/0/threaded
- http://www.securitytracker.com/id?1018980
- http://www.vupen.com/english/advisories/2007/3941
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38578
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html
- http://osvdb.org/40801
- http://secunia.com/advisories/27714
- http://secunia.com/advisories/28310
- http://securityreason.com/securityalert/3375
- http://trac.wordpress.org/ticket/5367
- http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt
- http://www.securityfocus.com/archive/1/483927/100/0/threaded
- http://www.securitytracker.com/id?1018980
- http://www.vupen.com/english/advisories/2007/3941
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38578
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html
Products affected by CVE-2007-6013
-
cpe:2.3:a:wordpress:wordpress:1.5
-
cpe:2.3:a:wordpress:wordpress:1.5.1
-
cpe:2.3:a:wordpress:wordpress:1.5.1.1
-
cpe:2.3:a:wordpress:wordpress:1.5.1.2
-
cpe:2.3:a:wordpress:wordpress:1.5.1.3
-
cpe:2.3:a:wordpress:wordpress:1.5.2
-
cpe:2.3:a:wordpress:wordpress:1.6.2
-
cpe:2.3:a:wordpress:wordpress:2.0
-
cpe:2.3:a:wordpress:wordpress:2.0.1
-
cpe:2.3:a:wordpress:wordpress:2.0.10
-
cpe:2.3:a:wordpress:wordpress:2.0.11
-
cpe:2.3:a:wordpress:wordpress:2.0.2
-
cpe:2.3:a:wordpress:wordpress:2.0.3
-
cpe:2.3:a:wordpress:wordpress:2.0.4
-
cpe:2.3:a:wordpress:wordpress:2.0.5
-
cpe:2.3:a:wordpress:wordpress:2.0.6
-
cpe:2.3:a:wordpress:wordpress:2.0.7
-
cpe:2.3:a:wordpress:wordpress:2.0.8
-
cpe:2.3:a:wordpress:wordpress:2.0.9
-
cpe:2.3:a:wordpress:wordpress:2.1
-
cpe:2.3:a:wordpress:wordpress:2.1.1
-
cpe:2.3:a:wordpress:wordpress:2.1.2
-
cpe:2.3:a:wordpress:wordpress:2.1.3
-
cpe:2.3:a:wordpress:wordpress:2.2
-
cpe:2.3:a:wordpress:wordpress:2.2.1
-
cpe:2.3:a:wordpress:wordpress:2.2.2
-
cpe:2.3:a:wordpress:wordpress:2.2.3
-
cpe:2.3:a:wordpress:wordpress:2.3
-
cpe:2.3:a:wordpress:wordpress:2.3.1
-
cpe:2.3:o:fedoraproject:fedora:7
-
cpe:2.3:o:fedoraproject:fedora:8