Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2008-1393
Last Modified 05 Sep 2008 05:37:39
Published 19 Mar 2008 08:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1393

Summary

Plone CMS 3.0.5, and probably other 3.x versions, places a base64-encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

Vulnerable Systems

Application

  • Plone CMS 3

  • Plone CMS 3.0.5


References

BUGTRAQ - 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning

MISC - http://www.procheckup.com/Hacking_Plone_CMS.pdf

MISC - http://plone.org/products/plone/roadmap/48?

MISC - http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords

XF - plone-accookie-admin-mitm(41427)

SREASON - 3754


Last Updated: 27 May 2016 10:47:08