CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1394

HIGH
7.5
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile7.07th
PublishedMar 20, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Affected Platforms (CPE)

πŸ“¦
Plone

Plone Cms

<= 2.5.1
πŸ“¦
Plone

Plone Cms

= 2.0.5
πŸ“¦
Plone

Plone Cms

= 2.1.2
πŸ“¦
Plone

Plone Cms

= 2.1.3
πŸ“¦
Plone

Plone Cms

= 2.5
πŸ“¦
Plone

Plone Cms

= 2.5
πŸ“¦
Plone

Plone Cms

= 2.5

References & Advisories

πŸ”— http://plone.org/about/security/overview/security-overview-of-plone/
πŸ”— http://securityreason.com/securityalert/3754
πŸ”— http://www.procheckup.com/Hacking_Plone_CMS.pdf
πŸ”— http://www.securityfocus.com/archive/1/489544/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41425
πŸ”— http://plone.org/about/security/overview/security-overview-of-plone/
πŸ”— http://securityreason.com/securityalert/3754
πŸ”— http://www.procheckup.com/Hacking_Plone_CMS.pdf

Related Vulnerabilities

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-339268.8

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5...

CVE-2008-13957.5

Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes i...

CVE-2016-71366.1

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attac...