Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Max Base Score | 6.8 |
Published | 2007-11-19 |
Updated | 2018-10-15 |
EPSS | 1.33% |
1 vulnerabilities found