PT-2008-2975 · Plone · Plone Cms
Adrian Pastor
+2
·
Publicado
2008-03-20
·
Atualizado
2022-05-01
·
CVE-2008-1394
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Plone CMS versions prior to 3
Description
The issue allows remote attackers to obtain access by sniffing the network, as a base64 encoded form of the
username and password is placed in the ac cookie for all user accounts.Recommendations
For versions prior to 3, consider disabling the use of the
ac cookie or restricting access to sensitive areas of the CMS until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability. Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Plone Cms