Bug 392411 - (CVE-2007-6013) CVE-2007-6013 wordpress cookie authentication vulnerability
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: John Berninger
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=cve,reported=20071120,public=2...
: Security
Depends On: 426432 426433 426434
 
Reported: 2007-11-20 09:26 EST by Tomas Hoger
Modified: 2008-05-07 10:24 EDT
Fixed In Version: wordpress-2.5.1-1
Doc Type: Bug Fix
Last Closed: 2008-05-07 10:24:31 EDT

Description Tomas Hoger 2007-11-20 09:26:28 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6013 to the following vulnerability:

Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a
password MD5 hash, which allows attackers to bypass authentication by
obtaining the MD5 hash from the user database, then generating the
authentication cookie from that hash.

References:
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt
http://www.securityfocus.com/archive/1/archive/1/483927/100/0/threaded


According to the advisory, there are multiple flaws in the way wordpress
handles authentication cookies (e.g. stolen cookie can be reused until password
is changed, cookie is not generated per login session, ...), so stealing
password MD5 hash from DB is probably not the only attack vector.

Moreover, there does not seem to be any official upstream fix at the moment.
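
A simplified model of the scheme in the CVE description next to a keyed, expiring token, added here as an illustration; it is not code from this report, the advisory or WordPress, and the keyed token is a generic HMAC design, not the method WordPress 2.5 introduced. The function names, the `|` token layout and the sample password and key are assumptions constructed for the example.

```python
import hashlib
import hmac
from typing import Optional

def stored_hash(password: str) -> str:
    # Stand-in for the database column: unsalted MD5 of the password.
    return hashlib.md5(password.encode()).hexdigest()

def legacy_cookie(db_hash: str) -> str:
    # Model of the reported scheme: MD5 of the stored password MD5 hash.
    # No server secret, no expiry, no per-login value enters the result.
    return hashlib.md5(db_hash.encode()).hexdigest()

def legacy_check(cookie: str, db_hash: str) -> bool:
    return hmac.compare_digest(cookie.encode(), legacy_cookie(db_hash).encode())

def _mac(server_key: bytes, payload: str) -> str:
    return hmac.new(server_key, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user: str, server_key: bytes, ttl: int, now: int) -> str:
    # Keyed alternative: user|expiry|HMAC-SHA256(server_key, "user|expiry").
    if "|" in user:
        raise ValueError("user name must not contain the field delimiter")
    payload = f"{user}|{now + ttl}"
    return f"{payload}|{_mac(server_key, payload)}"

def verify_token(token: str, server_key: bytes, now: int) -> Optional[str]:
    parts = token.split("|")
    if len(parts) != 3:
        return None
    user, expiry, mac = parts
    # Check the MAC first so only server-issued fields are parsed further.
    if not hmac.compare_digest(mac.encode(), _mac(server_key, f"{user}|{expiry}").encode()):
        return None
    if int(expiry) < now:
        return None  # expired: a captured token stops working
    return user

if __name__ == "__main__":
    db_hash = stored_hash("constructed-password")  # constructed sample
    key = b"constructed-server-key"                # constructed sample
    # The legacy value is a pure function of the database column.
    print(legacy_check(legacy_cookie(db_hash), db_hash))
    token = issue_token("alice", key, ttl=3600, now=1000)
    print(verify_token(token, key, now=2000), verify_token(token, key, now=5000))
```

The legacy value depends only on the stored hash, so it is identical for every login and stays valid until the password changes; the keyed token changes with each issue time, expires, and cannot be rebuilt from database contents without the server key.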

Comment 1 Adrian Reber 2007-11-20 12:10:38 EST
Reading the reference I have no idea how to fix it but then just waiting for the
next wordpress release.

Comment 2 Adrian Reber 2007-11-20 12:32:53 EST
http://trac.wordpress.org/ticket/5367

Comment 3 Tomas Hoger 2007-11-21 05:40:02 EST
Adrian, thanks for the upstream bug link!

Comment 5 Tomas Hoger 2008-05-07 10:24:09 EDT
New cookie hashing method was introduced in wordpress 2.5 (with its own issues
- CVE-2008-1930), so closing this bug.
