Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
| Software | From | Fixed in |
|---|---|---|
| plone / plone_cms | - | 2.5.1.x |
| plone / plone_cms | 2.0.5 | 2.0.5.x |
| plone / plone_cms | 2.1.2 | 2.1.2.x |
| plone / plone_cms | 2.1.3-rc1 | 2.1.3-rc1.x |
| plone / plone_cms | 2.5 | 2.5.x |
| plone / plone_cms | 2.5-beta1 | 2.5-beta1.x |
| plone / plone_cms | 2.5-beta2 | 2.5-beta2.x |
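
A check a site owner can run over `Set-Cookie` headers from their own deployment to see whether the `__ac` cookie carries reversible credentials and whether it is restricted to TLS. This is an added example, not Plone code; the function name and sample headers are constructed, and the decoded `username:password` layout and URL-quoting of the value are assumptions (the advisory only says the cookie holds a base64 form of both).

```python
import base64
import binascii
from http.cookies import SimpleCookie
from urllib.parse import quote, unquote


def audit_ac_cookie(set_cookie_header):
    """Return findings for one Set-Cookie header value (hypothetical helper)."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar.get("__ac")
    if morsel is None:
        return []  # header does not set the __ac cookie

    findings = []
    raw = unquote(morsel.value)  # assumption: value may be URL-quoted
    try:
        padded = raw + "=" * (-len(raw) % 4)
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        text = None  # not plain base64 text: treated as an opaque token

    # Assumed layout: printable "username:password" after decoding.
    if text is not None and text.isprintable() and ":" in text:
        findings.append("reversible-credentials")
    # Without the Secure attribute the cookie is also sent over plain HTTP.
    if not morsel["secure"]:
        findings.append("missing-secure-flag")
    return findings


# Constructed sample headers (not captured from a real site).
_encoded = base64.b64encode(b"editor:constructed-pw").decode("ascii")
SAMPLE_WEAK = '__ac="%s"; Path=/' % quote(_encoded)
SAMPLE_OPAQUE = "__ac=tok_5f3a.91c2; Path=/; Secure; HttpOnly"

if __name__ == "__main__":
    for header in (SAMPLE_WEAK, SAMPLE_OPAQUE):
        print(header.split(";")[0][:24], "->", audit_ac_cookie(header) or "ok")
```

A `reversible-credentials` finding means anyone who observes the cookie recovers the password itself, so the remediation is both an upgrade to a fixed release and serving the site only over TLS.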