cpe:/a:plone:plone_cms:2.0.5 cpe:/a:plone:plone_cms:2.1.2 cpe:/a:plone:plone_cms:2.1.3:rc1 cpe:/a:plone:plone_cms:2.5 cpe:/a:plone:plone_cms:2.5:beta1 cpe:/a:plone:plone_cms:2.5:beta2 cpe:/a:plone:plone_cms:2.5.1 CVE-2008-1394 2008-03-19T20:44:00.000-04:00 2017-08-07T21:30:08.197-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-20T11:31:00.000-04:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning SREASON 3754 CONFIRM http://plone.org/about/security/overview/security-overview-of-plone/ MISC http://www.procheckup.com/Hacking_Plone_CMS.pdf XF plone-accookie-mitm(41425) Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network.