CVE-2008-1394

Advisory

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• http://www.procheckup.com/Hacking_Plone_CMS.pdf
• http://plone.org/about/security/overview/security-overview-of-plone/
• http://securityreason.com/securityalert/3754
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41425
• http://www.securityfocus.com/archive/1/489544/100/0/threaded
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1394