Red Hat Bugzilla – Bug 392411
CVE-2007-6013 wordpress cookie authentication vulnerability
Last modified: 2008-05-07 10:24:31 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6013 to the following vulnerability:
Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a
password MD5 hash, which allows attackers to bypass authentication by
obtaining the MD5 hash from the user database, then generating the
authentication cookie from that hash.
According to the advisory, there are multiple flaws in the way WordPress
handles authentication cookies (e.g. a stolen cookie can be reused until the password
is changed, the cookie is not generated per login session, ...), so stealing
the password MD5 hash from the DB is probably not the only attack vector.
Moreover, there does not seem to be any official upstream fix at the moment.
Reading the reference, I have no idea how to fix it other than just waiting for the
next WordPress release.
Adrian, thanks for the upstream bug link!
A new cookie hashing method was introduced in WordPress 2.5 (with its own issues
- CVE-2008-1930), so closing this bug.
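
The cookie derivation from the CVE text, next to a generic hardened token that addresses the flaws listed in the comments (no per-login value, no expiry, derivable from the database alone). This is an added example, not part of the original bug report and not WordPress code; `SERVER_SECRET`, the function names and the `user|expires|nonce|tag` layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed sample data. SERVER_SECRET is a hypothetical key kept outside the user DB.
SERVER_SECRET = secrets.token_bytes(32)
STORED_HASH = hashlib.md5(b"constructed-sample-password").hexdigest()  # users-table value


def legacy_cookie(stored_hash: str) -> str:
    """Scheme from the CVE text: cookie value is the MD5 of the stored password MD5.
    The only input is the database column, so the stored hash is password-equivalent."""
    return hashlib.md5(stored_hash.encode()).hexdigest()


def _tag(payload: str) -> str:
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Hardened form: per-login nonce and expiry, authenticated with a server-side key."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{expires}|{secrets.token_hex(16)}"
    return f"{payload}|{_tag(payload)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name if the token is authentic and unexpired, else None."""
    try:
        user, expires, nonce, tag = token.split("|")
        expiry = int(expires)
    except ValueError:
        return None  # wrong field count or non-numeric expiry
    expected = _tag(f"{user}|{expires}|{nonce}")
    # Constant-time comparison on bytes avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if (time.time() if now is None else now) >= expiry:
        return None
    return user
```

A signed token like this is still replayable until it expires if it is stolen; revoking it earlier requires a server-side session record keyed by the nonce.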