vulnerability

Wordpress: CVE-2012-6707: Inadequate Encryption Strength

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	2017-10-19	2017-11-23	2019-05-23

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

2017-10-19

Added

2017-11-23

Modified

2019-05-23

Description

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.

Solution

wordpress-upgrade-4_8_3

References

CVE-2012-6707
https://attackerkb.com/topics/CVE-2012-6707

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today