{"id":"CVE-2007-6013","details":"Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.","modified":"2026-04-10T03:39:29.072056Z","published":"2007-11-19T21:46:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/27714"},{"type":"ADVISORY","url":"http://secunia.com/advisories/28310"},{"type":"ADVISORY","url":"http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-auth.txt"},{"type":"ADVISORY","url":"http://www.securityfocus.com/archive/1/483927/100/0/threaded"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id?1018980"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2007/3941"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/38578"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html"},{"type":"ARTICLE","url":"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html"},{"type":"EVIDENCE","url":"http://trac.wordpress.org/ticket/5367"},{"type":"REPORT","url":"http://trac.wordpress.org/ticket/5367"},{"type":"WEB","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058576.html"},{"type":"WEB","url":"http://osvdb.org/40801"},{"type":"WEB","url":"http://securityreason.com/securityalert/3375"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/483927/100/0/threaded"},{"type":"WEB","url":"http://www.securitytracker.com/id?1018980"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}