CVE-2008-1930 — Improper Authentication in Wordpress

CWE-287 — Improper Authentication7 documents6 sources

Severity

7.5HIGHNVD

OSV9.8

EPSS

8.5%

top 7.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedApr 28

Latest updateMay 1

Description

The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 2.5.1-1 (bookworm)

▶Debianwordpress/wordpress< 2.5.1-1+3

▶NVDwordpress/wordpress2.5

Patches

Patch: wordpress.org ↗Patch: www.securityfocus.com ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-m86r-5c2c-w6rq: The cookie authentication method in WordPress 2↗2022-05-01

▶

OSV

CVE-2008-1930: The cookie authentication method in WordPress 2↗2008-04-28

▶

📋Vendor Advisories

Red Hat

wordpress: security fixes in upstream version 2.5.1 (CVE-2008-1930, CVE-2008-2068)↗2008-04-25

▶

Debian

CVE-2008-1930: wordpress - The cookie authentication method in WordPress 2.5 relies on a hash of a concaten...↗2008

▶

💬Community

Bugzilla

wordpress: security fixes in upstream version 2.5.1 (CVE-2008-1930, CVE-2008-2068)↗2008-04-28

▶

Bugzilla

CVE-2007-6013 wordpress cookie authentication vulnerability↗2007-11-20

▶