TROYANOSYVIRUS
Back to CVEs

CVE-2007-6013

CRITICAL
9.8

Description

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/19/2007
Last Modified4/23/2026
Sourcenvd
Honeypot Sightings0

Affected Products

fedoraproject:fedorawordpress:wordpress

Weaknesses (CWE)

CWE-327

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html(cve@mitre.org)
http://osvdb.org/40801(cve@mitre.org)
http://secunia.com/advisories/27714(cve@mitre.org)
http://secunia.com/advisories/28310(cve@mitre.org)
http://securityreason.com/securityalert/3375(cve@mitre.org)
http://trac.wordpress.org/ticket/5367(cve@mitre.org)
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt(cve@mitre.org)
http://www.securityfocus.com/archive/1/483927/100/0/threaded(cve@mitre.org)
http://www.securitytracker.com/id?1018980(cve@mitre.org)
http://www.vupen.com/english/advisories/2007/3941(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38578(cve@mitre.org)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html(cve@mitre.org)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html(cve@mitre.org)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/40801(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27714(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28310(af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3375(af854a3a-2127-422b-91ae-364da2661108)
http://trac.wordpress.org/ticket/5367(af854a3a-2127-422b-91ae-364da2661108)
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/483927/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018980(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3941(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38578(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.