CVE-2007-6013
- Source
- https://cve.org/CVERecord?id=CVE-2007-6013
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-6013.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2007-6013
- Downstream
- Published
- 2007-11-19T21:46:00Z
- Modified
- 2026-04-10T03:39:29.072056Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
- References
-
- http://secunia.com/advisories/27714
- http://secunia.com/advisories/28310
- http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt
- http://www.securityfocus.com/archive/1/483927/100/0/threaded
- http://www.securitytracker.com/id?1018980
- http://www.vupen.com/english/advisories/2007/3941
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38578
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html
- http://trac.wordpress.org/ticket/5367
- http://trac.wordpress.org/ticket/5367
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html
- http://osvdb.org/40801
- http://securityreason.com/securityalert/3375
- http://www.securityfocus.com/archive/1/483927/100/0/threaded
- http://www.securitytracker.com/id?1018980