5 matches found
Design/Logic Flaw
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRYTIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning...
Fedora 8 : wordpress-2.3.2-1.fc8 (2008-0103)
This closes : http://www.blackhatdomainer.com/how-to-know-today-what-shoemoney-is-go ing-to-post-tomorrow/ http://www.securityfocus.com/archive/1/485252/30/0/threaded http://trac.wordpress.org/ticket/5487 Note that Tenable Network Security has extracted the preceding description block directly fr...
CVE-2007-6013
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash...
CVE-2007-6013
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash...
CVE-2007-6013
CVE-2007-6013 affects WordPress 1.5 through 2.3.1. The issue stems from authentication cookies generated from an MD5 hash of a password hash, allowing an attacker who can access the user database to create a valid authentication cookie and bypass login. The connected OpenVAS entries reference Fed...