CVE-2005-4689

2022-10-0316:22:45

mitre

www.cve.org

movable type

account info

remote login

security vulnerability

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.5%

JSON

Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.

References

archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html

www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html