CVE-2008-1394: Plone CMS Improper Session Management

May 1, 2022 (updated May 14, 2024)

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.

References

exchange.xforce.ibmcloud.com/vulnerabilities/41425
github.com/advisories/GHSA-mq3q-jjph-rp5p
github.com/plone/Plone
nvd.nist.gov/vuln/detail/CVE-2008-1394

Detect and mitigate CVE-2008-1394 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →