Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1396
Last Modified 11 Oct 2008 01:51:53
Published 19 Mar 2008 08:44:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1396

Summary

Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.

Vulnerable Systems

Application

  • Plone CMS


References

XF - plone-hmacsha1-mitm(41421)

BUGTRAQ - 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning

MISC - http://www.procheckup.com/Hacking_Plone_CMS.pdf

SREASON - 3754


Last Updated: 27 May 2016 10:47:08