Source: wordpress
Version: 4.8.3+dfsg-1
Severity: normal
Tags: security upstream
Forwarded: https://core.trac.wordpress.org/ticket/21022
Control: found -1 4.1+dfsg-1

Hi,

the following vulnerability was published for wordpress, this
bugreport is mainly just to track the upstream report. A patch was
posted several months ago on that upstream bugreport at [1].

CVE-2012-6707[0]:
| WordPress through 4.8.2 uses a weak MD5-based password hashing
| algorithm, which makes it easier for attackers to determine cleartext
| values by leveraging access to the hash values. NOTE: the approach to
| changing this may not be fully compatible with certain use cases, such
| as migration of a WordPress site from a web host that uses a recent PHP
| version to a different web host that uses PHP 5.2. These use cases are
| plausible (but very unlikely) based on statistics showing widespread
| deployment of WordPress with obsolete PHP versions.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2012-6707
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6707
[1] https://core.trac.wordpress.org/ticket/21022

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
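
An added example, not part of the original report and not WordPress code: a Python audit that classifies stored password hashes (as exported from the `wp_users.user_pass` column) and lists the accounts still on the MD5-based formats the CVE describes. The function names and the sample rows are constructed for illustration; the format patterns assume the phpass portable layout (`$P$`, one cost character, 8 salt characters, 22 hash characters), legacy unsalted MD5 hex, and standard bcrypt strings.

```python
import re

# phpass "portable" alphabet; the cost character is an index into it.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# $P$ (or $H$), cost char, 8-char salt, 22-char encoded MD5 output.
PHPASS_RE = re.compile(
    r"^\$[PH]\$([./0-9A-Za-z])[./0-9A-Za-z]{8}[./0-9A-Za-z]{22}$")
# Legacy unsalted MD5 stored as 32 hex digits.
RAW_MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
# bcrypt: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt plus hash.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./0-9A-Za-z]{53}$")


def classify(stored):
    """Return (scheme, iterations, md5_based) for one stored hash string."""
    m = PHPASS_RE.match(stored)
    if m:
        # Iteration count is 2**index of the cost character.
        return ("phpass-md5", 1 << ITOA64.index(m.group(1)), True)
    if RAW_MD5_RE.match(stored):
        return ("raw-md5", 1, True)
    m = BCRYPT_RE.match(stored)
    if m:
        return ("bcrypt", 1 << int(m.group(1)), False)
    return ("unknown", None, False)


def audit(rows):
    """Return (login, scheme, iterations) for accounts with MD5-based hashes."""
    findings = []
    for login, stored in rows:
        scheme, iterations, md5_based = classify(stored)
        if md5_based:
            findings.append((login, scheme, iterations))
    return findings


# Constructed sample rows (format-valid filler, not real hashes).
SAMPLE_ROWS = [
    ("alice", "$P$B" + "saltsalt" + "x" * 22),   # phpass portable, cost 'B'
    ("bob", "a1" * 16),                           # legacy unsalted MD5 hex
    ("carol", "$2y$10$" + "y" * 53),              # bcrypt, cost 10
]

if __name__ == "__main__":
    for login, scheme, iterations in audit(SAMPLE_ROWS):
        print(f"{login}: {scheme}, {iterations} MD5 iteration(s)")
```

Accounts reported by `audit` are the ones whose passwords need rehashing with a stronger scheme once the fix tracked in [1] or an equivalent is deployed.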
