Total vulnerabilities in the database
Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.
| Software | From | Fixed in |
|---|---|---|
| plone / plone_cms | 2.5 | 2.5.x |
| plone / plone_cms | - | 2.5.1.x |
| plone / plone_cms | 2.1.2 | 2.1.2.x |
| plone / plone_cms | 2.5-beta1 | 2.5-beta1.x |
| plone / plone_cms | 2.0.5 | 2.0.5.x |
| plone / plone_cms | 2.5-beta2 | 2.5-beta2.x |
| plone / plone_cms | 2.1.3-rc1 | 2.1.3-rc1.x |