ThreatPress

WordPress Vulnerabilities Database

WordPress <= 2.5 - Cookie Integrity Protection Vulnerability

Product
WordPress
Description
Attackers can forge cookies by registering a username that results in the same concatenated string, because the cookie authentication method relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME.
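The ambiguity described above, shown in a simplified model beside a length-prefixed encoding that removes it. This is an added example, not WordPress code and not taken from the advisory; the secret, the account names, the cookie layout and the use of HMAC-SHA256 are all constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; stands in for the site's secret key


def _tag(data: str) -> str:
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()


def weak_input(username: str, expiry: str) -> str:
    # Fields joined with no boundary: ("alice1", "1300000000") and
    # ("alice", "11300000000") both become "alice11300000000".
    return username + expiry


def strong_input(username: str, expiry: str) -> str:
    # Length-prefix the username so the field boundary is part of the MAC input.
    return f"{len(username)}:{username}|{expiry}"


def issue(username: str, expiry: int, encode) -> str:
    # Hypothetical cookie layout: username|expiry|tag
    return f"{username}|{expiry}|{_tag(encode(username, str(expiry)))}"


def verify(cookie: str, encode) -> bool:
    # Expiry-time comparison is omitted; only integrity is modelled here.
    username, expiry, tag = cookie.rsplit("|", 2)
    return hmac.compare_digest(tag, _tag(encode(username, expiry)))


def transplant_accepted(encode) -> bool:
    """Issue a cookie for one account, then present its tag with the
    username/expiry boundary shifted by one digit."""
    tag = issue("alice1", 1300000000, encode).rsplit("|", 2)[2]
    return verify(f"alice|11300000000|{tag}", encode)


if __name__ == "__main__":
    print("no delimiter:   ", transplant_accepted(weak_input))
    print("length-prefixed:", transplant_accepted(strong_input))
```

The same check applies to any token whose MAC covers several fields: two distinct field tuples must never serialize to the same byte string.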
Solution
Update WordPress to version 2.5.1.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2008-1930
Versions
Affected In <= 2.5
Fixed In 2.6
Disclosure date
2008-04-23
Credits
Steven J. Murdoch