CVE-2008-1393

Description

Plone CMS before 3, places a base64 encoded form of the username and password in the `__ac` cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

How to fix CVE-2008-1393

To remediate CVE-2008-1393, upgrade the affected package to a fixed version below.

• PyPI/plone—upgrade to 3.0 or later

Is CVE-2008-1393 being exploited?

Low — EPSS is 1.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.0

References (8)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2008-1393
• PATCHgithub.com/plone/Plone
• WEBplone.org/documentation/how-to/secure-login-without-plain-text-passwords
• WEBplone.org/products/plone/roadmap/48
• WEB