CVE-2012-6707

HIGH Year: 2012
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-326
View all →

Vulnerability Description

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.

Related Vulnerabilities

CVE-2002-1697

HIGH
CVSS:7.5(High)

Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain se...

CWE-3262002

CVE-2002-1872

HIGH
CVSS:7.5(High)

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

CWE-3262002

CVE-2002-1910

HIGH
CVSS:7.5(High)

Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.

CWE-3262002

CVE-2004-2172

HIGH
CVSS:7.5(High)

EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.

CWE-3262004

CVE-2005-2281

HIGH
CVSS:7.5(High)

WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.

CWE-3262005

CVE-2011-3629

HIGH
CVSS:7.5(High)

Joomla! core 1.7.1 allows information disclosure due to weak encryption

CWE-3262011