CVE-2008-1930 Information
Share on:Description
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME which allows remote attackers to forge cookies by registering a username that results in the same concatenated string as demonstrated by registering usernames beginning with \admin\ to obtain administrator privileges aka a \cryptographic splicing\ issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.
Reference
http://secunia.com/advisories/29965 http://wordpress.org/development/2008/04/wordpress-251/ http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt http://www.securityfocus.com/archive/1/491356/100/0/threaded http://www.securityfocus.com/bid/28935 http://www.securitytracker.com/id?1019923 http://www.vupen.com/english/advisories/2008/1372/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42027