WordPress Predictable Cookie Generation Information Disclosure Vulnerability
BID:24309
Info
WordPress Predictable Cookie Generation Information Disclosure Vulnerability
| Bugtraq ID: | 24309 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | Jun 04 2007 11:40PM |
| Credit: | Sid is credited with the discovery of this issue. |
| Vulnerable: |
WordPress Wordpress (B2) 0.6.2 .1 WordPress Wordpress (B2) 0.6.2 WordPress WordPress 2.1.3 WordPress WordPress 2.1.3 WordPress WordPress 2.1.2 WordPress WordPress 2.1.1 WordPress WordPress 2.0.10 WordPress WordPress 2.0.7 WordPress WordPress 2.0.6 WordPress WordPress 2.0.5 WordPress WordPress 2.0.4 WordPress WordPress 2.0.3 WordPress WordPress 2.0.2 WordPress WordPress 2.0.1 WordPress WordPress 2.0 WordPress WordPress 1.5.2 WordPress WordPress 1.5.1 .3 WordPress WordPress 1.5.1 .2 WordPress WordPress 1.5.1 WordPress WordPress 1.5 WordPress WordPress 1.2.2 WordPress WordPress 1.2.1 WordPress WordPress 1.2 WordPress WordPress 0.71 WordPress WordPress 0.7 WordPress WordPress 2.2 WordPress WordPress 2.1.3-RC2 WordPress WordPress 2.1.3-RC1 WordPress WordPress 2.1 WordPress WordPress 2.0.10-RC2 WordPress WordPress 2.0.10-RC1 |
| Not Vulnerable: | |
Discussion
WordPress Predictable Cookie Generation Information Disclosure Vulnerability
WordPress is prone to an information-disclosure vulnerability because it generates author cookies in a predictable manner.
Attackers can exploit this issue to view unmoderated comments which could contain potentially sensitive information.
WordPress 2.2 and prior versions are vulnerable.
WordPress is prone to an information-disclosure vulnerability because it generates author cookies in a predictable manner.
Attackers can exploit this issue to view unmoderated comments which could contain potentially sensitive information.
WordPress 2.2 and prior versions are vulnerable.
Exploit / POC
WordPress Predictable Cookie Generation Information Disclosure Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
WordPress Predictable Cookie Generation Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
WordPress Predictable Cookie Generation Information Disclosure Vulnerability
References:
References: