CVE-2008-1396

Name of the Vulnerable Software and Affected Versions Plone CMS versions 3.x through 3.1.x

Description The issue allows remote attackers to gain permanent access to an account by sniffing the network, due to the use of invariant data when calculating an HMAC-SHA1 value for an authentication cookie. This makes it easier for attackers to exploit the system.

Recommendations For Plone CMS versions 3.x through 3.1.x, consider updating the authentication mechanism to use more secure and variable data when calculating the HMAC-SHA1 value for authentication cookies, to prevent remote attackers from gaining permanent access to accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.