CVE Vulnerabilities

CVE-2008-1396

Published: Mar 20, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.

Affected Software

Name Vendor Start Version End Version
Plone_cms Plone * *
Zope-cmfplone Ubuntu dapper *
Zope-cmfplone Ubuntu edgy *
Zope-cmfplone Ubuntu feisty *
Zope-cmfplone Ubuntu gutsy *
Zope-cmfplone Ubuntu hardy *
Zope-cmfplone Ubuntu intrepid *

References