CVE-2008-1393
Published: 20 March 2008
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
Priority
Status
Package | Release | Status |
---|---|---|
zope-cmfplone Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needs-triage)
|
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life, was needs-triage)
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|