Vulnerability Details CVE-2008-1394
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://plone.org/about/security/overview/security-overview-of-plone/
- http://securityreason.com/securityalert/3754
- http://www.procheckup.com/Hacking_Plone_CMS.pdf
- http://www.securityfocus.com/archive/1/489544/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41425
- http://plone.org/about/security/overview/security-overview-of-plone/
- http://securityreason.com/securityalert/3754
- http://www.procheckup.com/Hacking_Plone_CMS.pdf
- http://www.securityfocus.com/archive/1/489544/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41425
Products affected by CVE-2008-1394
-
cpe:2.3:a:plone:plone_cms:*
-
cpe:2.3:a:plone:plone_cms:2.0.5
-
cpe:2.3:a:plone:plone_cms:2.1.2
-
cpe:2.3:a:plone:plone_cms:2.1.3
-
cpe:2.3:a:plone:plone_cms:2.5