Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Hi Kai,
just wanted to let you know that we treat this as low and
not as unimportant for now since it could be well used in
combination with other vulnerabilities.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Hi Kai,
* Kai Hendry [EMAIL PROTECTED] [2007-11-22 23:31]:
> http://trac.wordpress.org/ticket/5367
>
> This attack requires read access to the database. So this security bug
> is quite a non-event for me.
>
> Upstream are dealing with this, though I'll probably mark this bug as
> minor.

When I submitted the bug I already made a comment to this in
the bug tracker. I agree with you here.
See: http://security-tracker.debian.net/tracker/CVE-2007-6013

I will mark this as 'unimportant' if no one shouts out in the
next days.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
http://trac.wordpress.org/ticket/5367

This attack requires read access to the database. So this security bug
is quite a non-event for me.

Upstream are dealing with this, though I'll probably mark this bug as
minor.

G'nite,

Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Package: wordpress
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.

CVE-2007-6013[0]:
| Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a
| password MD5 hash, which allows attackers to bypass authentication by
| obtaining the MD5 hash from the user database, then generating the
| authentication cookie from that hash.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6013

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

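The scheme in the CVE text above, modelled next to a keyed alternative, as an added example that is not part of this thread and is not WordPress code. The function names, the `user|expiry|mac` cookie layout, the server-side key and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()

# Constructed sample: the value the user table would hold for one account.
STORED_HASH = md5_hex("constructed-sample-password")
# Assumption: a random key kept in server configuration, never in the database.
SERVER_KEY = b"constructed-sample-key-not-in-db"

def legacy_cookie(stored_hash: str) -> str:
    """Model of the CVE text: cookie value = MD5 of the stored MD5 hash."""
    return md5_hex(stored_hash)

def legacy_verify(cookie: str, stored_hash: str) -> bool:
    return hmac.compare_digest(cookie.encode(), legacy_cookie(stored_hash).encode())

def keyed_cookie(user: str, expires: int, key: bytes) -> str:
    """Keyed alternative: HMAC-SHA256 over user and expiry."""
    mac = hmac.new(key, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{mac}"

def keyed_verify(cookie: str, key: bytes, now: int) -> bool:
    try:
        user, expires, _mac = cookie.split("|")
        exp = int(expires)
    except ValueError:  # wrong field count or non-numeric expiry
        return False
    expected = keyed_cookie(user, exp, key)
    return exp > now and hmac.compare_digest(cookie.encode(), expected.encode())

def table_read_is_enough() -> dict:
    """What a party holding only STORED_HASH can produce under each scheme."""
    legacy = legacy_verify(md5_hex(STORED_HASH), STORED_HASH)
    # Without SERVER_KEY the best available key material is the table contents.
    guess = keyed_cookie("admin", 2000, STORED_HASH.encode())
    return {"legacy": legacy, "keyed": keyed_verify(guess, SERVER_KEY, now=1000)}

if __name__ == "__main__":
    print(table_read_is_enough())
```

In the legacy model the stored hash is itself a login credential, so read access to the table is equivalent to knowing the password; in the keyed model the table contents alone do not yield a cookie that verifies.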
Bug#452251: CVE-2007-6013 authentication bypass for users with read permissions to the wordpress table
Thanks for the heads up.

I've let upstream know and I am waiting for a response from them.

Kind regards,