9.8

CVE-2007-6013

Exploit

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Data is provided by the National Vulnerability Database (NVD)
WordpressWordpress Version >= 1.5 <= 2.3.1
FedoraprojectFedora Version7
FedoraprojectFedora Version8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.39% 0.798
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

http://secunia.com/advisories/27714
Vendor Advisory
Broken Link
http://secunia.com/advisories/28310
Vendor Advisory
Broken Link
http://www.securityfocus.com/archive/1/483927/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1018980
Third Party Advisory
Broken Link
VDB Entry