漏洞信息详情

WordPress Cookie完整性保护非授权访问漏洞

  • CNNVD编号:CNNVD-200804-412
  • 危害等级: 中危
  • CVE编号: CVE-2008-1930
  • 漏洞类型: 授权问题
  • 发布时间: 2008-04-28
  • 威胁类型: 远程
  • 更新时间: 2008-11-15
  • 厂        商: wordpress
  • 漏洞来源: Steven J. Murdoch ...

漏洞简介

WordPress是一款免费的论坛Blog系统。

从2.5版本开始Wordpress使用加密保护的cookie认证登录用户。新的cookie形式为:

\"wordpress_\".COOKIEHASH = USERNAME . \"|\" . EXPIRY_TIME . \"|\" . MAC

MAC是由USERNAME和EXPIRY_TIME所生成的密钥计算得出的。由于USERNAME和EXPIRY_TIME在MAC计算中没有分隔开,因此如果USERNAME和EXPIRY_TIME连接后没有变化的话,攻击者就可以未经改变MAC便修改cookie。

成功利用这个漏洞的攻击者可能以admin开始的用户名创建帐号,然后控制登录这个帐号所返回的cookie,导致获得管理帐号的控制。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

WordPress WordPress 2.5

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.1.3-RC1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.10-RC1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.2 Revision 5003

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.3

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.10-RC2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.2 Revision 5002

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.1.3-RC2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.2.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.2.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.5

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.5.1 .3

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.5.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.5.1 .2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 1.5.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.10

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.11

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.3

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.4

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.5

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.6

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.0.7

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.1.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.1.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.1.3

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.1.3

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.2.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.2.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.2.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.2.3

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.3.1

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.3.2

WordPress latest.zip

http://wordpress.org/latest.zip

WordPress WordPress 2.3.3

WordPress latest.zip

http://wordpress.org/latest.zip

参考网址

来源: BID

名称: 28935

链接:http://www.securityfocus.com/bid/28935

来源: wordpress.org

链接:http://wordpress.org/development/2008/04/wordpress-251/

来源: SECTRACK

名称: 1019923

链接:http://www.securitytracker.com/id?1019923

来源: BUGTRAQ

名称: 20080425 Wordpress 2.5 Cookie Integrity Protection Vulnerability

链接:http://www.securityfocus.com/archive/1/archive/1/491356/100/0/threaded

来源: VUPEN

名称: ADV-2008-1372

链接:http://www.frsirt.com/english/advisories/2008/1372/references

来源: MISC

链接:http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-integrity.txt

来源: XF

名称: wordpress-cookie-security-bypass(42027)

链接:http://xforce.iss.net/xforce/xfdb/42027

来源: SECUNIA

名称: 29965

链接:http://secunia.com/advisories/29965

受影响实体

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多