CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-1393

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1080%
EPSS Percentile29.28th
Published2008年3月20日
Last Modified2026年4月23日

Vulnerability Description

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

Affected Platforms (CPE)

📦
Plone

Plone Cms

<= 3
📦
Plone

Plone Cms

<= 3.0.5

References & Advisories

🔗 http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords
🔗 http://plone.org/products/plone/roadmap/48?
🔗 http://securityreason.com/securityalert/3754
🔗 http://www.procheckup.com/Hacking_Plone_CMS.pdf
🔗 http://www.securityfocus.com/archive/1/489544/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41427
🔗 http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords
🔗 http://plone.org/products/plone/roadmap/48?

関連する脆弱性情報

CVE-2021-339268.8

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5...

CVE-2008-13957.5

Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes i...

CVE-2008-13947.5

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes...

CVE-2016-71366.1

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attac...