3 matches found
CVE-2008-1930
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRYTIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning...
CVE-2008-1930
CVE-2008-1930 affects WordPress 2.5 where cookie authentication relies on a hash of a concatenated string of USERNAME and EXPIRY_TIME. This design allows remote attackers to forge cookies by creating a username that yields the same string, enabling escalation to administrator privileges (cryptogr...
Wordpress 2.5 Cookie Integrity Protection Vulnerability
Wordpress 2.5 Cookie Integrity Protection Vulnerability Original release date: 2008-04-25 Last revised: 2008-04-25 Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt CVE ID: CVE-2008-1930 Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/...