Vulnerability Details : CVE-2008-1393
Potential exploit
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
Products affected by CVE-2008-1393
- cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1393
1.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1393
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-1393
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1393
-
http://www.procheckup.com/Hacking_Plone_CMS.pdf
Not Found
-
http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords
Exploit
-
http://securityreason.com/securityalert/3754
Plone CMS Security Research - the Art of Plowning - CXSecurity.com
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/41427
Plone __ac cookie admin man-in-the-middle CVE-2008-1393 Vulnerability Report
-
http://www.securityfocus.com/archive/1/489544/100/0/threaded
-
http://plone.org/products/plone/roadmap/48?
Exploit
Jump to