Description

A weakness has been discovered in WordPress, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to the fact that it is possible to construct the two authentication cookies ("wordpressuser_*" and "wordpresspass_*") from the data in the "users" table. Successful exploitation allows e.g. logging in as administrator, but requires read access to the "users" table of the database. The weakness is confirmed in version 2.3.1 and reported in all previous versions down to and including 1.5.

Remediation

Update to WordPress version 2.5 or latest

References

http://www.securityfocus.com/archive/1/483927

http://core.trac.wordpress.org/ticket/5367

http://packetstormsecurity.org/files/view/61150/wordpress-cookie-auth.txt

Related Vulnerabilities

Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2020-13935)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-11494)

Undertow CVE-2022-4492 Vulnerability (CVE-2022-4492)

phpBB CVE-2008-6507 Vulnerability (CVE-2008-6507)

Jboss EAP Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)

Severity

High

Classification

CVE-2007-6013 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass