Vulnerabilities > CVE-2008-1396 - Credentials Management vulnerability in Plone CMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |