2
Candidate: CVE-2008-1930
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1930
6
The cookie authentication method in WordPress 2.5 relies on a hash of a
7
concatenated string containing USERNAME and EXPIRY_TIME, which allows
8
remote attackers to forge cookies by registering a username that results in
9
the same concatenated string, as demonstrated by registering usernames
10
beginning with "admin" to obtain administrator privileges, aka a
11
"cryptographic splicing" issue. NOTE: this vulnerability exists because of
12
an incomplete fix for CVE-2007-6013.
15
wgrant> Only in 2.5, so >= intrepid.
22
upstream_wordpress: released (2.5.1)
23
dapper_wordpress: not-affected
24
feisty_wordpress: not-affected
25
gutsy_wordpress: not-affected
26
hardy_wordpress: not-affected
27
devel_wordpress: not-affected