CVE-2008-1394

Published: Mar 20, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

3754

third-party-advisory

x_refsource_SREASON

20080313 PR08-02: Plone CMS Security Research - the Art of Plowning

mailing-list

x_refsource_BUGTRAQ

http://plone.org/about/security/overview/security-overview-of-plone/

x_refsource_CONFIRM

http://www.procheckup.com/Hacking_Plone_CMS.pdf

x_refsource_MISC

plone-accookie-mitm(41425)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-1394

Description

Affected Products

References