NVD

Id
1350  
Name
CVE-2008-1393  
Description
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2008-03-19  
Modified Date
2008-09-05  
Seq
2008-1393  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
8710 1350 CVE-2008-1393 http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords  View
8711 1350 CVE-2008-1393 http://plone.org/products/plone/roadmap/48?  View
8712 1350 CVE-2008-1393 3754  View
8713 1350 CVE-2008-1393 http://www.procheckup.com/Hacking_Plone_CMS.pdf  View
8714 1350 CVE-2008-1393 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning  View
8715 1350 CVE-2008-1393 plone-accookie-admin-mitm(41427)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
50283 JVNDB-2008-005593 Plone CMS における管理権限を取得される脆弱性 Plone CMS は、管理者アカウントの _ac クッキー内に base64 エンコードされた形式のユーザ名およびパスワードを配置するため、管理権限を取得される脆弱性が存在します。 CVE-2008-1393 31506 CVE-2008-1393 1350 10 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005593.html 2008-03-19 2012-12-20 View