Vulnerabilities > CVE-2008-1394 - Credentials Management vulnerability in Plone CMS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |