Moderate severity · NVD Advisory · Published Mar 20, 2008 · Updated Jun 16, 2026
CVE-2008-1396
Description
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
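A simplified model of the weakness described above, added here as an illustration and not taken from Plone's code or any patch. The cookie layout, the function names, the sample secret and the one-hour lifetime are all assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-server-secret"  # constructed sample value
MAX_AGE = 3600                         # assumed session lifetime, in seconds


def _mac(message: str) -> str:
    return hmac.new(SECRET, message.encode(), hashlib.sha1).hexdigest()


def static_cookie(username: str) -> str:
    """Weak pattern: the MAC covers only invariant data (username + secret)."""
    return f"{username}:{_mac(username)}"


def verify_static(cookie: str) -> bool:
    username, _, tag = cookie.rpartition(":")
    return hmac.compare_digest(tag.encode(), _mac(username).encode())


def bound_cookie(username: str, now: int) -> str:
    """Hardened pattern: the issue time is part of the MACed message."""
    payload = f"{username}:{now}"
    return f"{payload}:{_mac(payload)}"


def verify_bound(cookie: str, now: int) -> bool:
    payload, _, tag = cookie.rpartition(":")
    if not hmac.compare_digest(tag.encode(), _mac(payload).encode()):
        return False  # forged or altered payload
    _, _, issued = payload.rpartition(":")
    # Reject cookies older than MAX_AGE (or dated in the future).
    return issued.isdigit() and 0 <= now - int(issued) <= MAX_AGE


if __name__ == "__main__":
    t0 = int(time.time())
    # The static cookie is identical at every login, so it never expires.
    print(static_cookie("alice") == static_cookie("alice"))
    print(verify_static(static_cookie("alice")))
    c = bound_cookie("alice", t0)
    print(verify_bound(c, t0 + 60), verify_bound(c, t0 + MAX_AGE + 1))
```

Binding the issue time into the MAC only limits how long a captured cookie stays valid; keeping it from being sniffed in the first place still requires TLS and the `Secure` cookie attribute.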
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| plone (PyPI) | <= 3.1.7 | — |
Affected products
- cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:*
References
- github.com/advisories/GHSA-hjp5-hv33-q58g (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2008-1396 (ghsa, ADVISORY)
- securityreason.com/securityalert/3754 (nvd, WEB)
- www.procheckup.com/Hacking_Plone_CMS.pdf (nvd, WEB)
- www.securityfocus.com/archive/1/489544/100/0/threaded (nvd, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/41421 (nvd, WEB)