CVE-2007-6013 — CRITICAL (9.8)

Q: How severe is CVE-2007-6013?

CVE-2007-6013 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2007-6013?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Fedoraproject Fedora.

Vulnerability Description

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wordpress	Wordpress	>= 1.5, <= 2.3.1
Fedoraproject	Fedora	7

Related Weaknesses (CWE)

CWE-327

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.htmlBroken Link
http://osvdb.org/40801Broken Link
http://secunia.com/advisories/27714Broken LinkVendor Advisory
http://secunia.com/advisories/28310Broken LinkVendor Advisory
http://securityreason.com/securityalert/3375Broken Link
http://trac.wordpress.org/ticket/5367ExploitIssue Tracking
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txtThird Party Advisory
http://www.securityfocus.com/archive/1/483927/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1018980Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2007/3941Broken LinkVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38578Third Party AdvisoryVDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.htMailing List
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.htMailing List
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.htmlBroken Link
http://osvdb.org/40801Broken Link

FAQ

What is CVE-2007-6013?

CVE-2007-6013 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then gene...

How severe is CVE-2007-6013?

CVE-2007-6013 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2007-6013?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Fedoraproject Fedora.