CVE-2008-1393: Plone Improper Session Management

May 1, 2022 (updated May 14, 2024)

Plone CMS before 3, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.

References

exchange.xforce.ibmcloud.com/vulnerabilities/41427
github.com/advisories/GHSA-593c-j348-f3gv
github.com/plone/Plone
nvd.nist.gov/vuln/detail/CVE-2008-1393

Detect and mitigate CVE-2008-1393 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →