WordPress Predictable Cookie Generation Information Disclosure Vulnerability
CLASS: Access Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 04 2007 12:00AM
UPDATE: Jun 04 2007 11:40PM
CREDIT: Sid is credited with the discovery of this issue.
VULNERABLE:
WordPress Wordpress (B2) 0.6.2 .1
NOT VULNERABLE:
WordPress Wordpress (B2) 0.6.2
WordPress WordPress 2.1.3
WordPress WordPress 2.1.2
WordPress WordPress 2.1.1
WordPress WordPress 2.0.10
WordPress WordPress 2.0.7
WordPress WordPress 2.0.6
WordPress WordPress 2.0.5
WordPress WordPress 2.0.4
WordPress WordPress 2.0.3
WordPress WordPress 2.0.2
WordPress WordPress 2.0.1
WordPress WordPress 2.0
WordPress WordPress 1.5.2
WordPress WordPress 1.5.1 .3
WordPress WordPress 1.5.1 .2
WordPress WordPress 1.5.1
WordPress WordPress 1.5
WordPress WordPress 1.2.2
WordPress WordPress 1.2.1
WordPress WordPress 1.2
WordPress WordPress 0.71
WordPress WordPress 0.7
WordPress WordPress 2.2
WordPress WordPress 2.1.3-RC2
WordPress WordPress 2.1.3-RC1
WordPress WordPress 2.1
WordPress WordPress 2.0.10-RC2
WordPress WordPress 2.0.10-RC1
Go to the original page on Security Focus
Discussion
WordPress is prone to an information-disclosure vulnerability because it generates author cookies in a predictable manner.
Attackers can exploit this issue to view unmoderated comments, which could contain potentially sensitive information.
WordPress 2.2 and prior versions are vulnerable.
Exploit
An attacker can exploit this issue via a web client.
Solution
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References
- WordPress Homepage (WordPress)
- Wordpress Unauthorized Comment Disclosure (Sid)