CVE-2007-6013
CRITICAL 9.8
Description
WordPress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 11/19/2007
Last modified: 4/23/2026
Source: nvd
Honeypot sightings: 0
Affected products
fedoraproject:fedora
wordpress:wordpress
Weaknesses (CWE)
CWE-327
References
http://osvdb.org/40801 (cve@mitre.org)
http://secunia.com/advisories/27714 (cve@mitre.org)
http://secunia.com/advisories/28310 (cve@mitre.org)
http://securityreason.com/securityalert/3375 (cve@mitre.org)
http://trac.wordpress.org/ticket/5367 (cve@mitre.org)
http://www.securityfocus.com/archive/1/483927/100/0/threaded (cve@mitre.org)
http://www.securitytracker.com/id?1018980 (cve@mitre.org)
http://www.vupen.com/english/advisories/2007/3941 (cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38578 (cve@mitre.org)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/40801 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27714 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28310 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3375 (af854a3a-2127-422b-91ae-364da2661108)
http://trac.wordpress.org/ticket/5367 (af854a3a-2127-422b-91ae-364da2661108)
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/483927/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018980 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3941 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38578 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.