Amir Azam

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 3.0.5 through 3.0.6 Plone CMS versions prior to 3.1 **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to perform certain actions without the victim's consent. Specifically, attackers can (1) add arbitrary accounts via the "join form" page and (2) change the privileges of arbitrary groups via the "prefs groups overview" page. **Recommendations** For Plone CMS versions 3.0.5 and 3.0.6, update to version 3.1 or later to resolve the issue. For Plone CMS versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "join form" and "prefs groups overview" pages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions prior to 3.0.6 Plone CMS versions 3.0.5 and earlier **Description** The issue allows remote attackers to obtain administrative privileges by sniffing the network, as a base64 encoded form of the `username` and `password` is placed in the " ac" cookie for the admin account. **Recommendations** For Plone CMS versions prior to 3.0.6, update to version 3.0.6 or later to resolve the issue. For Plone CMS versions 3.0.5 and earlier, update to version 3.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin account until a patch is available. Avoid using the ` ac` cookie in the affected Plone CMS versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions prior to 3 **Description** The issue allows remote attackers to obtain access by sniffing the network, as a base64 encoded form of the `username` and `password` is placed in the ` ac` cookie for all user accounts. **Recommendations** For versions prior to 3, consider disabling the use of the ` ac` cookie or restricting access to sensitive areas of the CMS until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Plone CMS (affected versions not specified) **Description** The issue concerns the handling of user authentication states. Specifically, it does not record users' authentication states and implements the logout feature solely on the client side. This makes it easier for context-dependent attackers to reuse a logged-out session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Plone CMS versions 3.x through 3.1.x **Description** The issue allows remote attackers to gain permanent access to an account by sniffing the network, due to the use of invariant data when calculating an HMAC-SHA1 value for an authentication cookie. This makes it easier for attackers to exploit the system. **Recommendations** For Plone CMS versions 3.x through 3.1.x, consider updating the authentication mechanism to use more secure and variable data when calculating the HMAC-SHA1 value for authentication cookies, to prevent remote attackers from gaining permanent access to accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.