PT-2005-5354 · Six Apart · Movable Type

Published: 2005-12-31 · Updated: 2008-09-05 · CVE-2005-4689

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Six Apart Movable Type version 3.16

Description: The issue allows remote attackers to log in to an account by sniffing a cookie that contains account names and password hashes.

Recommendations: For version 3.16, consider implementing secure cookie handling practices to prevent unauthorized access, such as using secure protocols for cookie transmission and restricting access to sensitive information stored in cookies.


Related Identifiers

CVE-2005-4689

Affected Products

Movable Type