CVE-2012-5868

Priority
Description
WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an
administrator's logout action, which makes it easier for remote attackers
to discover valid session identifiers via a brute-force attack, or modify
data via a replay attack.
Notes
ebarrettonon-issue, see:
https://wordpress.org/support/topic/old-bug-cve-2012-5868
Package
Upstream:ignored
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):ignored
Ubuntu 18.04 LTS (Bionic Beaver):ignored
More Information

Updated: 2020-01-29 19:45:30 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)