Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-1394
Last Modified 15 Oct 2009 12:00:00
Published 19 Mar 2008 08:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1394

Summary

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Vulnerable Systems

Application

  • Plone CMS 2.0.5
  • Plone CMS 2.1.2
  • Plone CMS 2.1.3
  • Plone CMS 2.5
  • Plone CMS 2.5.1


References

XF - plone-accookie-mitm(41425)

BUGTRAQ - 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning

MISC - http://www.procheckup.com/Hacking_Plone_CMS.pdf

SREASON - 3754

CONFIRM - http://plone.org/about/security/overview/security-overview-of-plone/


Last Updated: 27 May 2016 10:47:08