CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-1394

HIGH
7.5
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile7.07th
Published2008年3月20日
Last Modified2026年4月23日

Vulnerability Description

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Affected Platforms (CPE)

📦
Plone

Plone Cms

<= 2.5.1
📦
Plone

Plone Cms

= 2.0.5
📦
Plone

Plone Cms

= 2.1.2
📦
Plone

Plone Cms

= 2.1.3
📦
Plone

Plone Cms

= 2.5
📦
Plone

Plone Cms

= 2.5
📦
Plone

Plone Cms

= 2.5

References & Advisories

🔗 http://plone.org/about/security/overview/security-overview-of-plone/
🔗 http://securityreason.com/securityalert/3754
🔗 http://www.procheckup.com/Hacking_Plone_CMS.pdf
🔗 http://www.securityfocus.com/archive/1/489544/100/0/threaded
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41425
🔗 http://plone.org/about/security/overview/security-overview-of-plone/
🔗 http://securityreason.com/securityalert/3754
🔗 http://www.procheckup.com/Hacking_Plone_CMS.pdf

相关漏洞威胁

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-339268.8

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5...

CVE-2008-13957.5

Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes i...

CVE-2016-71366.1

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attac...