Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table

Related Vulnerabilities: CVE-2007-6013  

Source

Debian Bug report logs - #452251
CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table

Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon).

Reported by: Nico Golde <nion@debian.org>

Date: Wed, 21 Nov 2007 11:48:02 UTC

Severity: minor

Tags: fixed, security

Done: "Andrea De Iacovo" <andrea.de.iacovo@gmail.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#452251; Package wordpress. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Kai Hendry <hendry@iki.fi>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Date: Wed, 21 Nov 2007 12:47:09 +0100
[Message part 1 (text/plain, inline)]
Package: wordpress
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.

CVE-2007-6013[0]:
| Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a
| password MD5 hash, which allows attackers to bypass authentication by
| obtaining the MD5 hash from the user database, then generating the
| authentication cookie from that hash.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6013

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#452251; Package wordpress. (full text, mbox, link).

Message #8 received at 452251@bugs.debian.org (full text, mbox, reply):

From: Kai Hendry <hendry@iki.fi>
To: Nico Golde <nion@debian.org>, 452251@bugs.debian.org
Subject: Re: Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Date: Wed, 21 Nov 2007 20:36:39 +0000
Thanks for the heads up. I've let upstream know and I am waiting for a
response from them. Kind regards,

Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#452251; Package wordpress. (full text, mbox, link).

Acknowledgement sent to "Kai Hendry" <hendry@iki.fi>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>. (full text, mbox, link).

Message #13 received at 452251@bugs.debian.org (full text, mbox, reply):

From: "Kai Hendry" <hendry@iki.fi>
To: "Nico Golde" <nion@debian.org>, 452251@bugs.debian.org
Subject: Re: Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Date: Thu, 22 Nov 2007 22:27:45 +0000
http://trac.wordpress.org/ticket/5367

This attack requires read access to the database. So this "security"
bug is quite a non-event for me.

Upstream are dealing with this, though I'll probably mark this bug as minor.

G'nite,

Severity set to `minor' from `important' Request was from "Kai Hendry" <hendry@iki.fi> to control@bugs.debian.org. (Thu, 22 Nov 2007 22:30:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#452251; Package wordpress. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>. (full text, mbox, link).

Message #20 received at 452251@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: Kai Hendry <hendry@iki.fi>
Cc: 452251@bugs.debian.org
Subject: Re: Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Date: Fri, 23 Nov 2007 00:19:49 +0100
[Message part 1 (text/plain, inline)]
Hi Kai,
* Kai Hendry <hendry@iki.fi> [2007-11-22 23:31]:
> http://trac.wordpress.org/ticket/5367
> 
> This attack requires read access to the database. So this "security"
> bug is quite a non-event for me.
> 
> Upstream are dealing with this, though I'll probably mark this bug as minor.

When I submitted the bug I already made a comment to this in 
the bug tracker. I agree with you here. See:
http://security-tracker.debian.net/tracker/CVE-2007-6013

I will mark this as 'unimportant' if noone shouts out in the 
next days.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Severity set to `important' from `minor' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sun, 02 Dec 2007 18:51:02 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#452251; Package wordpress. (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>. (full text, mbox, link).

Message #27 received at 452251@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>
To: 452251@bugs.debian.org
Subject: Re: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Date: Sun, 2 Dec 2007 19:51:06 +0100
[Message part 1 (text/plain, inline)]
Hi Kai,
just wanted to let you know that we treat this as low and 
not as unimportant for now since it could be well used in 
combination with other vulnerabilities.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Severity set to `minor' from `important' Request was from "Kai Hendry" <hendry@iki.fi> to control@bugs.debian.org. (Wed, 05 Mar 2008 09:51:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#452251; Package wordpress. (full text, mbox, link).

Acknowledgement sent to "Andrea De Iacovo" <andrea.de.iacovo@gmail.com>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>. (full text, mbox, link).

Message #34 received at 452251@bugs.debian.org (full text, mbox, reply):

From: "Andrea De Iacovo" <andrea.de.iacovo@gmail.com>
To: 452251@bugs.debian.org
Subject: fixed in 2.5
Date: Wed, 16 Apr 2008 18:55:22 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The bug was completely fixed in 2.5.0 (that is already in sid).

I'll close the bug with the next package upload.

Andrea De Iacovo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIBi9VMXahCK22/rwRArkCAJ4s0RGfo6nYMD/RmJFVqZ/oDAI+CQCfYfc1
ZzVX/JOu5PR6UB5AC5gLL6I=
=6jXq
-----END PGP SIGNATURE-----

Tags added: fixed Request was from "Andrea De Iacovo" <andrea.de.iacovo@gmail.com> to control@bugs.debian.org. (Wed, 16 Apr 2008 17:00:04 GMT) (full text, mbox, link).

Reply sent to "Andrea De Iacovo" <andrea.de.iacovo@gmail.com>:
You have taken responsibility. (full text, mbox, link).

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (full text, mbox, link).

Message #41 received at 452251-done@bugs.debian.org (full text, mbox, reply):

From: "Andrea De Iacovo" <andrea.de.iacovo@gmail.com>
To: 452251-done@bugs.debian.org
Date: Tue, 29 Apr 2008 00:04:24 +0200
As I said the bug was fixed.

Thank you.

Andrea
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIFknfMXahCK22/rwRAh9KAKCGv93ODowVDlzA6z6jOLuG1UewmACeOKQB
pPWzB1ZbXrHosr5ArsK0mtA=
=k76o
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 27 May 2008 07:31:56 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:44:45 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started