GHSA-593c-j348-f3gv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-593c-j348-f3gv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-593c-j348-f3gv/GHSA-593c-j348-f3gv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-593c-j348-f3gv
- Aliases
-
- CVE-2008-1393
- Published
- 2022-05-01T23:39:38Z
- Modified
- 2024-05-19T02:24:36.685059Z
- Summary
- Plone Improper Session Management
- Details
-
Plone CMS before 3, places a base64 encoded form of the username and password in the
__accookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network. - Database specific
{ "github_reviewed": true, "cwe_ids": [], "github_reviewed_at": "2024-05-14T17:20:01Z", "nvd_published_at": "2008-03-20T00:44:00Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-1393
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41427
- https://github.com/plone/Plone
- http://plone.org/documentation/how-to/secure-login-without-plain-text-passwords
- http://plone.org/products/plone/roadmap/48?
- http://securityreason.com/securityalert/3754
- http://www.procheckup.com/Hacking_Plone_CMS.pdf
- http://www.securityfocus.com/archive/1/489544/100/0/threaded
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone