Vulnerability Details CVE-2008-1394
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://plone.org/about/security/overview/security-overview-of-plone/
- http://securityreason.com/securityalert/3754
- http://www.procheckup.com/Hacking_Plone_CMS.pdf
- http://www.securityfocus.com/archive/1/489544/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41425
- http://plone.org/about/security/overview/security-overview-of-plone/
- http://securityreason.com/securityalert/3754
- http://www.procheckup.com/Hacking_Plone_CMS.pdf
- http://www.securityfocus.com/archive/1/489544/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41425
Products affected by CVE-2008-1394
-
cpe:2.3:a:plone:plone_cms:*
-
cpe:2.3:a:plone:plone_cms:2.0.5
-
cpe:2.3:a:plone:plone_cms:2.1.2
-
cpe:2.3:a:plone:plone_cms:2.1.3
-
cpe:2.3:a:plone:plone_cms:2.5