Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-1930

Опубликовано: 28 апр. 2008
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.06181
Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

ubuntu
больше 17 лет назад

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

debian
больше 17 лет назад

The cookie authentication method in WordPress 2.5 relies on a hash of ...

github
больше 3 лет назад

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

EPSS

Процентиль: 90%
0.06181
Низкий

7.5 High

CVSS2

Дефекты

CWE-287