CVE-2008-1395

Published: Mar 20, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

3754

third-party-advisory

x_refsource_SREASON

20080313 PR08-02: Plone CMS Security Research - the Art of Plowning

mailing-list

x_refsource_BUGTRAQ

plone-authenticationstate-weak-security(41423)

vdb-entry

x_refsource_XF

http://www.procheckup.com/Hacking_Plone_CMS.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-1395

Description

Affected Products

References