Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6013 to the following vulnerability: WordPress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

References:
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt
http://www.securityfocus.com/archive/1/archive/1/483927/100/0/threaded

According to the advisory, there are multiple flaws in the way WordPress handles authentication cookies (e.g. a stolen cookie can be reused until the password is changed, the cookie is not generated per login session, ...), so stealing the password MD5 hash from the DB is probably not the only attack vector. Moreover, there does not seem to be any official upstream fix at the moment.
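To make the report's point concrete, the following added example (not WordPress code, and not from the advisory) shows the cookie derivation the report describes beside an assumed hardened design: a MAC keyed with a secret kept outside the database, bound to an expiry and a per-login nonce, and mixed with the stored hash so a password change invalidates outstanding cookies. The user table, password and secret are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed sample user table: WordPress 1.5-2.3.1 stored an unsalted MD5 of the
# password in user_pass, and the cookie in the report is simply MD5 of that value.
USERS = {"alice": hashlib.md5(b"constructed-password").hexdigest()}

def weak_cookie(stored_hash: str) -> str:
    """Cookie scheme from the report: MD5 of the stored MD5 hash. Nothing outside the
    user table is needed, and the value stays constant until the password changes."""
    return hashlib.md5(stored_hash.encode()).hexdigest()

def weak_cookie_accepted(cookie: str, username: str, users: dict) -> bool:
    """Server-side check as the report describes it: the DB contents alone decide."""
    return username in users and hmac.compare_digest(weak_cookie(users[username]), cookie)

# Assumed hardened design, not WordPress's own code: a keyed MAC over username, expiry
# and a per-login nonce, keyed with a secret kept outside the database and mixed with
# the stored hash so a password change invalidates every outstanding cookie.
SERVER_SECRET = secrets.token_bytes(32)  # constructed; a real site persists this in config

def hardened_cookie(username, stored_hash, expires, nonce, secret=SERVER_SECRET):
    key = hmac.new(secret, stored_hash.encode(), hashlib.sha256).digest()
    body = f"{username}|{expires}|{nonce}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

def hardened_cookie_accepted(cookie, users, now, secret=SERVER_SECRET):
    """Rebuild the tag from the DB record and compare in constant time; reject expired."""
    parts = cookie.split("|")
    if len(parts) != 4 or not parts[1].isdigit():
        return False
    username, expires, nonce, _ = parts
    if now >= int(expires) or username not in users:
        return False
    expected = hardened_cookie(username, users[username], int(expires), nonce, secret)
    return hmac.compare_digest(expected, cookie)

if __name__ == "__main__":
    # A copy of the user table alone yields an accepted weak cookie ...
    print(weak_cookie_accepted(weak_cookie(USERS["alice"]), "alice", USERS))  # True
    # ... but without the server secret the hardened one is rejected.
    forged = hardened_cookie("alice", USERS["alice"], 2_000_000_000, "n1", secret=b"guess")
    print(hardened_cookie_accepted(forged, USERS, now=1_900_000_000))  # False
```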
Reading the reference, I have no idea how to fix it, so I am just waiting for the next WordPress release.
http://trac.wordpress.org/ticket/5367
Adrian, thanks for the upstream bug link!
A new cookie hashing method was introduced in WordPress 2.5 (with its own issues - CVE-2008-1930), so closing this bug.