Title: WordPress Cookie Authentication Vulnerability
Last modified: August 18, 2016

---

# WordPress Cookie Authentication Vulnerability

 *  [kodaksken](https://wordpress.org/support/users/kodaksken/)
 * (@kodaksken)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/wordpress-cookie-authentication-vulnerability/)
 * Systems Affected:
 * WordPress 1.5 — 2.3.1 (including current version, as of 2007-11-19)
 * Overview:
 * With read-only access to the WordPress database, it is possible to generate a
   valid login cookie for any account, without resorting to a brute force attack.
 * This allows a limited SQL injection vulnerability to be escalated into administrator
   access.
 * [http://lwn.net/Articles/259204](http://lwn.net/Articles/259204)

Viewing 1 replies (of 1 total)

 *  [MichaelH](https://wordpress.org/support/users/michaelh/)
 * (@michaelh)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/wordpress-cookie-authentication-vulnerability/#post-657328)
 * This was reported via [Trac ticket 5367](http://trac.wordpress.org/ticket/5367)
 * Also this wp-hackers thread:
    [http://comox.textdrive.com/pipermail/wp-hackers/2007-November/016183.html](http://comox.textdrive.com/pipermail/wp-hackers/2007-November/016183.html)


The topic ‘WordPress Cookie Authentication Vulnerability’ is closed to new replies.

## Tags

 * [authentication](https://wordpress.org/support/topic-tag/authentication/)
 * [cookie](https://wordpress.org/support/topic-tag/cookie/)
 * [login](https://wordpress.org/support/topic-tag/login/)
 * [sql injection](https://wordpress.org/support/topic-tag/sql-injection/)

 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 1 reply
 * 2 participants
 * Last reply from: [MichaelH](https://wordpress.org/support/users/michaelh/)
 * Last activity: [18 years, 5 months ago](https://wordpress.org/support/topic/wordpress-cookie-authentication-vulnerability/#post-657328)
 * Status: not resolved

