High severity · NVD Advisory · Published Mar 20, 2008 · Updated Apr 23, 2026
CVE-2008-1394
Description
Plone CMS before 3 places a base64-encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Plone (PyPI) | < 3.0 | 3.0 |
Affected products
- cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:* (range: <=2.5.1)
- cpe:2.3:a:plone:plone_cms:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_cms:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_cms:2.1.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_cms:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_cms:2.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:plone:plone_cms:2.5:beta2:*:*:*:*:*:*
References
- github.com/advisories/GHSA-mq3q-jjph-rp5p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2008-1394 (ghsa, ADVISORY)
- plone.org/about/security/overview/security-overview-of-plone (ghsa, WEB)
- securityreason.com/securityalert/3754 (nvd, WEB)
- www.procheckup.com/Hacking_Plone_CMS.pdf (nvd, WEB)
- www.securityfocus.com/archive/1/489544/100/0/threaded (nvd, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/41425 (nvd, WEB)
- plone.org/about/security/overview/security-overview-of-plone/ (nvd)