6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
60.5%
Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.
archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html
www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html