6.8
CVSSv2

CVE-2007-6013

Published: 19/11/2007 Updated: 15/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Wordpress 1.5 up to and including 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows malicious users to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 1.5

wordpress wordpress 1.5-strayhorn

wordpress wordpress 2.0.10

wordpress wordpress 2.0.11

wordpress wordpress 2.1

wordpress wordpress 2.1.1

wordpress wordpress 1.5.1.2

wordpress wordpress 1.5.1.3

wordpress wordpress 1.5.2

wordpress wordpress 2.0.6

wordpress wordpress 2.0.7

wordpress wordpress 2.0

wordpress wordpress 2.2.3

wordpress wordpress 2.0.1

wordpress wordpress 2.0.4

wordpress wordpress 2.2

wordpress wordpress 2.1.3

wordpress wordpress 2.1.2

wordpress wordpress 2.0.5

wordpress wordpress 2.2.2

wordpress wordpress 1.5.1.1

wordpress wordpress 2.0.9

wordpress wordpress 2.2.1

wordpress wordpress 2.3.1

wordpress wordpress 1.5.1

wordpress wordpress 2.0.8

wordpress wordpress 2.3

Vendor Advisories

Debian Bug report logs - #452251 CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Wed, ...