CVE-2005-4689

Properties

Published:
30.12.2005
Updated:
01.02.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
    Product:
    Six Apart: Movable Type

    Vulnerability description

    Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.

    References:

    FULLDISC: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html
    http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html: http://www.sixapart.com/movabletype/docs/3.2/h_changelog/3_2.html