1. CVE-Search
  2. CVE-2008-1394
ID CVE-2008-1394
Summary Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
References
Vulnerable Configurations
  • cpe:2.3:a:plone:plone_cms:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone_cms:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone_cms:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone_cms:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone_cms:2.1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:plone:plone_cms:2.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone_cms:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone_cms:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone_cms:2.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:plone:plone_cms:2.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone_cms:2.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:plone:plone_cms:2.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2018 - 20:33)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning
confirm http://plone.org/about/security/overview/security-overview-of-plone/
misc http://www.procheckup.com/Hacking_Plone_CMS.pdf
sreason 3754
xf plone-accookie-mitm(41425)
Last major update 11-10-2018 - 20:33
Published 20-03-2008 - 00:44
Last modified 11-10-2018 - 20:33
Back to Top