CVE-2008-1393
Plone CMS before version 3 (e.g., 3.0.5 and likely other 3.x) stores a base64-encoded form of the admin username and password in the __ac cookie, enabling an attacker who can sniff network traffic to obtain administrative privileges. Connected advisories (GHSA-593C-J348-F3GV; OSV) corroborate imp...