PT-2008-3456 · WordPress · Wordpress
Published 2008-04-28 · Updated 2018-10-11 · CVE-2008-1930
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WordPress version 2.5
Description
The issue concerns the cookie authentication method, which relies on a hash of a concatenated string containing the USERNAME and EXPIRY TIME. This allows remote attackers to forge cookies by registering a username that produces the same concatenated string as a target user's username and expiry time. For example, registering usernames beginning with "admin" can lead to obtaining administrator privileges. This is related to a "cryptographic splicing" issue.
Recommendations
For WordPress version 2.5, consider updating to a newer version that addresses this issue, as the current authentication method is susceptible to cookie forgery attacks. As a temporary workaround, restrict user registration to prevent attackers from registering usernames that could be used to exploit this issue.
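As an added illustration (not the advisory's or WordPress's own code), a toy model of the splicing flaw beside an unambiguous encoding: the secret, the HMAC-MD5 choice and the usernames and expiry values are constructed assumptions, since the page says only "hash".

```python
import hashlib
import hmac

# Constructed demo secret; stands in for the server-side salt (assumption).
SECRET = b"constructed-demo-secret"


def mac_unseparated(username: str, expiry: int, secret: bytes = SECRET) -> str:
    """Models the flawed scheme: HMAC over username and expiry simply
    concatenated, so the boundary between the two fields is lost."""
    msg = (username + str(expiry)).encode()
    return hmac.new(secret, msg, hashlib.md5).hexdigest()


def mac_unambiguous(username: str, expiry: int, secret: bytes = SECRET) -> str:
    """Hardened encoding: a length prefix and a '|' delimiter pin down where
    the username ends, so no two (username, expiry) pairs share an input."""
    msg = f"{len(username)}|{username}|{expiry}".encode()
    return hmac.new(secret, msg, hashlib.md5).hexdigest()


def same_mac(pair_a, pair_b, mac) -> bool:
    """True when two *different* (username, expiry) pairs yield the same MAC,
    i.e. the message encoding is not injective (the splicing condition)."""
    return pair_a != pair_b and mac(*pair_a) == mac(*pair_b)


def demo():
    # Constructed values: a privileged account and a registrable look-alike
    # whose trailing digit is absorbed by a shorter expiry timestamp, so the
    # unseparated strings are identical ("admin" + "1209600000" == "admin1" + "209600000").
    target = ("admin", 1209600000)
    lookalike = ("admin1", 209600000)
    return (same_mac(target, lookalike, mac_unseparated),
            same_mac(target, lookalike, mac_unambiguous))


if __name__ == "__main__":
    print(demo())  # → (True, False)
```

The first flag reproduces the collision the description refers to; the second shows that delimiting and length-prefixing the fields removes it, which is the check to apply when reviewing any token built from concatenated fields.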
Fix
Improper Authentication
Weakness Enumeration
Related identifiers
Affected products
Wordpress