CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-1393

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.3%

CVSS Severity

CVSS v2 Score 10.0

References

http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords
http://plone.org/products/plone/roadmap/48?
http://securityreason.com/securityalert/3754
http://www.procheckup.com/Hacking_Plone_CMS.pdf
http://www.securityfocus.com/archive/1/489544/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41427
http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords
http://plone.org/products/plone/roadmap/48?
http://securityreason.com/securityalert/3754
http://www.procheckup.com/Hacking_Plone_CMS.pdf
http://www.securityfocus.com/archive/1/489544/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41427

Products affected by CVE-2008-1393

Plone » Plone Cms » Version: Any

cpe:2.3:a:plone:plone_cms:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-1393

Products

Pricing

Contact Us