Launchpad CVE tracker

CVE 2007-6013

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Related bugs and status

CVE-2007-6013 (Candidate) is related to these bugs:

Bug #172440: [CVE-2007-6013] Authentication cookies easily derivable from password hash

		In	Importance	Status
172440	[CVE-2007-6013] Authentication cookies easily derivable from password hash	wordpress (Ubuntu)	Medium	Fix Released
172440	[CVE-2007-6013] Authentication cookies easily derivable from password hash	wordpress (Debian)	Unknown	Fix Released
172440	[CVE-2007-6013] Authentication cookies easily derivable from password hash	WordPress	Unknown	Fix Released
172440	[CVE-2007-6013] Authentication cookies easily derivable from password hash	wordpress (Ubuntu Dapper)	Undecided	Won't Fix
172440	[CVE-2007-6013] Authentication cookies easily derivable from password hash	wordpress (Ubuntu Feisty)	Undecided	Won't Fix
172440	[CVE-2007-6013] Authentication cookies easily derivable from password hash	wordpress (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-6013

References