ID CVE-2008-1393
Summary Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
References
Vulnerable Configurations
  • cpe:2.3:a:plone:plone_cms:3
    cpe:2.3:a:plone:plone_cms:3
  • cpe:2.3:a:plone:plone_cms:3.0.5
    cpe:2.3:a:plone:plone_cms:3.0.5
CVSS
Base: 10.0 (as of 20-03-2008 - 11:27)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
refmap via4
bugtraq 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning
misc
sreason 3754
xf plone-accookie-admin-mitm(41427)
Last major update 05-09-2008 - 17:37
Published 19-03-2008 - 20:44
Last modified 11-10-2018 - 16:33
Back to Top