CVE-2008-1396

NameCVE-2008-1396
DescriptionPlone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs473571

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
plone3source(unstable)(unfixed)low473571

Notes

[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
Search for package or bug name: Reporting problems