CVE-2008-1393

Published: Mar 20, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

Affected (2)

Products: Plone: Plone Cms

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Plone Plone Cms	Up to 3
Plone Plone Cms	Up to 3.0.5

Related CWEs

References (12)

http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords

Source: cve@mitre.org

Exploit

http://plone.org/products/plone/roadmap/48?

Source: cve@mitre.org

Exploit

http://securityreason.com/securityalert/3754

Source: cve@mitre.org

http://www.procheckup.com/Hacking_Plone_CMS.pdf

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/489544/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/41427

Source: cve@mitre.org

http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://plone.org/products/plone/roadmap/48?

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://securityreason.com/securityalert/3754

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.procheckup.com/Hacking_Plone_CMS.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/489544/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/41427

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.