Wordpress 1.5 up to and including 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows malicious users to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |
||
fedoraproject fedora 8 |
||
fedoraproject fedora 7 |