HIGH

GHSA-mq3q-jjph-rp5p

Plone CMS Improper Session Management

Details

Plone CMS before 3 places a base64-encoded form of the username and password in the `__ac` cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

Affected packages

PyPI / plone
Introduced in: 0
Fixed in: 3.0
Fix: `pip install --upgrade 'plone>=3.0'`

References