Lucene search
HistoryMar 20, 2008 - 12:44 a.m.
CVE-2008-1396
plone cms
vulnerability
remote attackers
permanent access
network sniffing
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
Affected configurations
Node
ploneplone_cms
| CPE | Name | Operator | Version |
|---|---|---|---|
| plone:plone_cms | plone plone cms | eq | * |
Related
osv
osv
Plone credentials stored in session cookie
2022-05-01 23:39:47
cvelist
cvelist
CVE-2008-1396
2008-03-20 00:00:00
nvd
nvd
CVE-2008-1396
2008-03-20 00:44:00
prion
prion
Authentication flaw
2008-03-20 00:44:00
ubuntucve
ubuntucve
CVE-2008-1396
2008-03-20 00:00:00
github
github
Plone credentials stored in session cookie
2022-05-01 23:39:47
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
Related for CVE-2008-1396