CVE

Id
31510  
CVE No.
CVE-2008-1393  
Status
Candidate  
Description
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.  
Phase
Assigned (20080319)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
338152 31510 CVE-2008-1393 BUGTRAQ:20080313 PR08-02: Plone CMS Security Research - the Art of Plowning  View
338153 31510 CVE-2008-1393 URL:http://www.securityfocus.com/archive/1/archive/1/489544/100/0/threaded  View
338154 31510 CVE-2008-1393 MISC:http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords  View
338155 31510 CVE-2008-1393 MISC:http://plone.org/products/plone/roadmap/48?  View
338156 31510 CVE-2008-1393 MISC:http://www.procheckup.com/Hacking_Plone_CMS.pdf  View
338157 31510 CVE-2008-1393 SREASON:3754  View
338158 31510 CVE-2008-1393 URL:http://securityreason.com/securityalert/3754  View
338159 31510 CVE-2008-1393 XF:plone-accookie-admin-mitm(41427)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
45872 JVNDB-2008-001182 Check Point VPN-1 における IP アドレスの競合によるサービス運用妨害 (DoS) の脆弱性 Check Point VPN-1 には、RFC1918 の ローカル IP アドレスがトンネルの endpoint IP アドレスが同じである場合、また、他の endpoint でのネットワークインターフェース接続で SecuRemote を使用している場合、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。 CVE-2008-1397 31510 6.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001182.html  View