WordPress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.01393
Percentile: 0.79526
CVSS Scoring
CVSS v3.1 Score: 9.8
Severity: CRITICAL
Mapped CWE(s)
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
All CAPEC(s)
CAPEC-20: Encryption Brute Forcing
CAPEC-459: Creating a Rogue Certification Authority Certificate
CAPEC-473: Signature Spoof
CAPEC-475: Signature Spoofing by Improper Validation