WordPress Cookie Authentication Vulnerability

[Security] Posted Nov 19, 2007 20:43 UTC (Mon) by jake

A WordPress cookie vulnerability exploit is floating around in the wild, according to the advisory (Full Story link below). Anyone who has (or can get) access to the wp_users table can authenticate as any user, including the administrative user. Passwords are stored in the table as MD5 hashes, but the cookies contain the MD5 of that value (i.e. a double MD5 of the password). Attackers just need to provide the MD5 of the value they find in the database in a cookie to be authenticated as that user. There is no patch, and there are no very satisfactory workarounds other than changing every user password and ensuring that no one can access the database after that.

Full Story (comments: 22)
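
The design flaw described above, shown next to a keyed alternative, as an added example (not code from WordPress or from the advisory). The function names, the `user|expiry|tag` cookie layout and the server-side secret are assumptions made for illustration; the sample password and key are constructed.

```python
import hashlib
import hmac

def stored_hash(password: str) -> str:
    """Value in the users table, per the article: MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()

def legacy_cookie(db_hash: str) -> str:
    """Cookie value, per the article: MD5 of the stored hash."""
    return hashlib.md5(db_hash.encode()).hexdigest()

def legacy_verify(cookie: str, db_hash: str) -> bool:
    # Every input is in the database, so the table contents alone
    # are enough to produce a cookie that passes this check.
    return hmac.compare_digest(cookie.encode(), legacy_cookie(db_hash).encode())

def keyed_cookie(user: str, db_hash: str, expires: int, secret: bytes) -> str:
    """Hypothetical hardened layout: user|expiry|HMAC-SHA256 tag."""
    msg = f"{user}|{expires}|{db_hash}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{user}|{expires}|{tag}"

def keyed_verify(cookie: str, db_hash: str, secret: bytes, now: int) -> bool:
    """db_hash is the row looked up for the user named in the cookie."""
    try:
        user, expires, tag = cookie.split("|")
        expiry = int(expires)
    except ValueError:
        return False  # malformed cookie
    if expiry < now:
        return False  # expired
    expected = keyed_cookie(user, db_hash, expiry, secret).rsplit("|", 1)[1]
    return hmac.compare_digest(tag.encode(), expected.encode())

if __name__ == "__main__":
    secret = b"constructed-demo-key"  # constructed; kept outside the database
    row = stored_hash("constructed-password")  # constructed sample row
    now = 1195505000
    print("legacy, row alone:", legacy_verify(legacy_cookie(row), row))
    good = keyed_cookie("admin", row, now + 3600, secret)
    no_key = keyed_cookie("admin", row, now + 3600, b"")
    print("keyed, correct key:", keyed_verify(good, row, secret, now))
    print("keyed, row but no key:", keyed_verify(no_key, row, secret, now))
    print("keyed, after password change:",
          keyed_verify(good, stored_hash("new-password"), secret, now))
```

Because the stored hash is part of the MAC input, changing a password invalidates that user's outstanding cookies, and a copy of the table without the key no longer yields a valid cookie.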


Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.